CompTIA CySA+ (CS0-003) — Question 254

A cybersecurity analyst is setting up a security control that monitors network traffic and produces an active response to a security event. Which of the following tools is the analyst configuring?

Answer options

• A. EDR
• B. IPS
• C. CASB
• D. WAF

Correct answer: B

Explanation

The correct answer is B, IPS, which stands for Intrusion Prevention System, as it actively monitors and responds to network traffic anomalies. EDR (A) focuses on endpoint detection and response, CASB (C) deals with cloud access security, and WAF (D) is a web application firewall, none of which provide the same level of active response to network traffic as an IPS.