CompTIA Security+ (SY0-501) — Question 1034

The Chief Information Security Officer (CISO) is asking for ways to protect against zero-day exploits. The CISO is concerned that an unrecognized threat could compromise corporate data and result in regulatory fines as well as poor corporate publicity. The network is mostly flat, with split staff/guest wireless functionality.
Which of the following equipment MUST be deployed to guard against unknown threats?

Answer options

• A. Cloud-based antivirus solution, running as local admin, with push technology for definition updates
• B. Implementation of an off-site datacenter hosting all company data, as well as deployment of VDI for all client computing needs
• C. Host-based heuristic IPS, segregated on a management VLAN, with direct control of the perimeter firewall ACLs
• D. Behavior-based IPS with a communication link to a cloud-based vulnerability and threat feed

Correct answer: D

Explanation

The correct answer is D because a behavior-based IPS can detect and respond to anomalies in traffic patterns, providing real-time protection against zero-day exploits by utilizing up-to-date threat intelligence from the cloud. Options A and C focus on traditional security measures that may not adequately address unknown threats, while option B involves infrastructure changes that do not specifically target the immediate need for defense against zero-day vulnerabilities.