CompTIA Security+ (SY0-601) — Question 672
A security engineer is concerned that the strategy for detection on endpoints is too heavily dependent on previously defined attacks. The engineer would like a tool to monitor for changes to key files and network traffic on the device. Which of the following tools BEST addresses both detection and prevention?
Answer options
- A. NIDS
- B. HIPS
- C. AV
- D. NGFW
Correct answer: B
Explanation
HIPS (Host Intrusion Prevention System) runs on the endpoint itself, where it monitors for changes to key files and for network traffic on the device and prevents unauthorized access, making it the best option for both detection and prevention. NIDS (Network Intrusion Detection System) primarily focuses on network traffic and does not provide direct prevention mechanisms. AV (Antivirus) is mainly for malware detection and does not address network traffic, while NGFW (Next-Generation Firewall) is focused on network security rather than endpoint-specific changes.