CompTIA SecurityX (CAS-005) — Question 252
A company implemented a NIDS and a NIPS on the most critical environments. Since this implementation, the company has been experiencing network connectivity issues. Which of the following should the security architect recommend for a new NIDS/NIPS implementation?
Answer options
- A. Implementing the NIDS with a port mirror in the core switch and the NIPS in the main firewall
- B. Implementing the NIDS and the NIPS together with the main firewall
- C. Implementing a NIDS without a NIPS to increase the detection capability
- D. Implementing the NIDS in the bastion host and the NIPS in the branch network router
Correct answer: A
Explanation
Option A is correct: feeding the NIDS from a port mirror on the core switch lets it monitor traffic without impacting performance, while placing the NIPS in the main firewall lets it properly manage and filter malicious traffic. Option B could lead to performance issues because both systems are co-located with the main firewall. Option C diminishes the overall security posture by not using a NIPS at all. Option D may not provide optimal protection, because a bastion host is not typically the best location for a NIDS.