Splunk Observability Cloud Certified Metrics User — Question 21

What device typically sits at a network perimeter to detect command and control and other potentially suspicious traffic?

Answer options

Correct answer: D

Explanation

An Intrusion Detection System (IDS) is designed to monitor network traffic for suspicious activity, which makes it effective at identifying command and control traffic. In contrast, a host-based firewall primarily protects individual devices, a web proxy serves as an intermediary for web requests, and Endpoint Detection and Response focuses on threats at the endpoint level rather than at the network perimeter.