CompTIA CySA+ (CS0-001) — Question 249
A company's asset management software has been discovering a weekly increase in non-standard software installed on end users' machines with duplicate license keys. The security analyst wants to know if any of this software is listening on any non-standard ports, such as 6667. Which of the following tools should the analyst recommend to block any command and control traffic?
Answer options
- A. Netstat
- B. NIDS
- C. IPS
- D. HIDS
Correct answer: C
Explanation
The correct answer is C, IPS, because an IPS is designed to block malicious traffic, including command and control communications. Netstat (A) is a network utility for displaying active connections, NIDS (B) is a detection system that does not block traffic, and HIDS (D) focuses on monitoring host-based activity rather than blocking network traffic.