Which system monitors traffic, reports on it, and blocks or responds to suspicious activity?

Study for the CompTIA SecurityX Test. Equip yourself with comprehensive flashcards and multiple choice questions that include hints and explanations. Gear up for your certification exam!

Multiple Choice

Which system monitors traffic, reports on it, and blocks or responds to suspicious activity?

Explanation:
Network intrusion detection and prevention systems monitor traffic in real time, report findings, and can block or respond to suspicious activity. This type of system watches network packets for signs of attack or unusual behavior, then raises alerts to notify administrators. If it’s in prevention mode, it also takes action to stop threats: dropping malicious packets, resetting connections, or enforcing rules to block the attacker. That combination of monitoring, reporting, and active response is what sets it apart.

SIEM systems collect and analyze logs from many sources and provide alerts and dashboards, but they don’t typically inspect live traffic or block traffic on the wire by themselves. An SNMP Manager handles device management and monitoring, not security-focused traffic analysis. Break and Inspect isn’t a standard security control used to describe a system that monitors, reports, and blocks traffic.

