CompTIA Security+ (SY0-501) — Question 931
A systems administrator is receiving multiple alerts from the company NIPS. A review of the NIPS logs shows the following:

reset both: 70.32.200.2:3194 -> 10.4.100.4:80 buffer overflow attempt
reset both: 70.32.200.2:3230 -> 10.4.100.4:80 directory traversal attack
reset client: 70.32.200.2:4019 -> 10.4.100.4:80 Blind SQL injection attack

Which of the following should the systems administrator report back to management?
Answer options
- A. The company web server was attacked by an external source, and the NIPS blocked the attack.
- B. The company web and SQL servers suffered a DoS caused by a misconfiguration of the NIPS.
- C. An external attacker was able to compromise the SQL server using a vulnerable web application.
- D. The NIPS should move from an inline mode to an out-of-band mode to reduce network latency.
Correct answer: A
Explanation
The correct answer is A because the logs indicate that the NIPS effectively blocked multiple attack attempts against the company web server: every entry records a reset action on traffic from the external address 70.32.200.2 to port 80 on 10.4.100.4. Option B is incorrect as there is no evidence of a DoS due to misconfiguration. Option C is false since the logs show that the attacks were blocked, indicating no compromise occurred. Option D is not relevant in this context, as the focus is on reporting the successful prevention of attacks.