New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

ISC2 CISSP Exam - Topic 5 Question 102 Discussion

Actual exam question for ISC2's CISSP exam
Question #: 102
Topic #: 5
[All CISSP Questions]

Host-Based Intrusion Protection (HIPS) systems are often deployed in monitoring or learning mode during their initial implementation. What is the objective of starting in this mode?

Show Suggested Answer Hide Answer
Suggested Answer: A

A Host-Based Intrusion Protection (HIPS) system is a software that monitors and blocks malicious activities on a single host, such as a computer or a server.A HIPS system can also prevent unauthorized changes to the system configuration, files, or registry12

During the initial implementation, a HIPS system is often deployed in monitoring or learning mode, which means that it observes the normal behavior of the system and the applications running on it, without blocking or alerting on any events.The objective of starting in this mode is to automatically create exceptions for specific actions or files that are legitimate and safe, but may otherwise trigger false alarms or unwanted blocks by the HIPS system34

By creating exceptions, the HIPS system can reduce the number of false positives and improve its accuracy and efficiency. However, the monitoring or learning mode should not last too long, as it may also expose the system to potential attacks that are not detected or prevented by the HIPS system.Therefore, after a sufficient baseline of normal behavior is established, the HIPS system should be switched to a more proactive mode, such as alerting or blocking mode, which can actively respond to suspicious or malicious events


by Josephine at Apr 29, 2025, 10:51 PM

Limited Time Offer

25%

Off

Get Premium CISSP Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Blair
2 months ago
Sounds too simple, are we sure that's the goal?
upvoted 0 times
...
Salley
2 months ago
No way, it's definitely about monitoring first!
upvoted 0 times
...
Kaitlyn
2 months ago
Wait, I thought it was to automatically whitelist actions?
upvoted 0 times
...
Lorrie
3 months ago
It's all about building a baseline of normal events.
upvoted 0 times
...
Rosann
3 months ago
Totally agree, D is the right answer!
upvoted 0 times
...
Rodney
3 months ago
I thought the purpose was to create exceptions for specific actions, but now I’m questioning if that’s really the right approach in the initial phase.
upvoted 0 times
...
Glory
3 months ago
I’m leaning towards option D because it seems logical to establish what’s normal before making any changes, but I could be mixing it up with something else we studied.
upvoted 0 times
...
Marylin
4 months ago
I remember a practice question about HIPS that mentioned whitelisting actions, but I feel like the focus here is more on understanding normal behavior first.
upvoted 0 times
...
Mel
4 months ago
I think starting in monitoring mode helps to build a baseline of normal activities, but I'm not entirely sure if that's the main goal.
upvoted 0 times
...
Darell
4 months ago
I feel pretty confident about this one. The objective of starting a HIPS system in monitoring or learning mode is to build a baseline of normal system events. This baseline can then be used to detect and flag any deviations from normal activity, which could indicate a potential intrusion or security breach.
upvoted 0 times
...
Veronika
4 months ago
I'm a little confused by the options here. Is the goal to automatically create exceptions, or to blacklist unsafe files, or to whitelist known actions? I'll need to re-read the question and think about the purpose of HIPS systems in general.
upvoted 0 times
...
Samira
4 months ago
Okay, I've got it! The objective is to build a baseline of normal or safe system events that the HIPS system can use as a reference. This allows it to identify and flag any abnormal or potentially malicious activity in the future. Makes sense!
upvoted 0 times
...
Onita
5 months ago
Hmm, I'm a bit unsure about this one. Is the objective to automatically create exceptions or whitelist known actions? Or is it to identify unsafe files to blacklist? I'll need to think this through carefully.
upvoted 0 times
...
Delisa
5 months ago
This seems like a straightforward question about the purpose of HIPS systems in monitoring or learning mode. I think the key is to understand that the goal is to build a baseline of normal system activity to use as a reference point.
upvoted 0 times
...
Frank
8 months ago
Ha! HIPS in 'learning mode' - it's like putting a newborn baby in charge of home security. Gotta crawl before you can walk, am I right?
upvoted 0 times
Jose
7 months ago
D) Build a baseline of normal or safe system events for review
upvoted 0 times
...
Tammy
7 months ago
C) Automatically whitelist actions or files known to the system
upvoted 0 times
...
Mitsue
7 months ago
A) Automatically create exceptions for specific actions or files
upvoted 0 times
...
...
Alona
8 months ago
I think it's important to determine which files are unsafe to access and blacklist them during initial implementation.
upvoted 0 times
...
Willie
9 months ago
I believe it also helps in automatically whitelisting actions or files known to the system.
upvoted 0 times
...
Jamal
9 months ago
I'm going with D. Baseline building is key to understand normal system activity before the HIPS can start enforcing policies effectively.
upvoted 0 times
France
8 months ago
Whitelisting known safe actions or files can also help reduce false positives when the HIPS is fully operational.
upvoted 0 times
...
Lucy
8 months ago
Once the baseline is built, it's easier to identify and respond to abnormal activities.
upvoted 0 times
...
Aleshia
8 months ago
I agree, starting in learning mode helps establish what normal system events look like.
upvoted 0 times
...
...
Albina
9 months ago
I agree with Erasmo. Starting in learning mode helps in understanding what is normal for the system.
upvoted 0 times
...
Chaya
9 months ago
C) Automatically whitelist actions or files known to the system - that's a good approach too, but it doesn't really establish the baseline, which is crucial for HIPS.
upvoted 0 times
Ruth
8 months ago
A) Automatically create exceptions for specific actions or files
upvoted 0 times
...
Tonette
8 months ago
C) Automatically whitelist actions or files known to the system
upvoted 0 times
...
Ernie
8 months ago
D) Build a baseline of normal or safe system events for review
upvoted 0 times
...
King
8 months ago
A) Automatically create exceptions for specific actions or files
upvoted 0 times
...
...
Erasmo
10 months ago
I think the objective is to build a baseline of normal system events for review.
upvoted 0 times
...
Danica
10 months ago
D) Build a baseline of normal or safe system events for review - this makes total sense for initial HIPS deployment. Gotta learn the normal behavior first before taking action.
upvoted 0 times
King
8 months ago
D) Build a baseline of normal or safe system events for review
upvoted 0 times
...
Malcom
8 months ago
C) Automatically whitelist actions or files known to the system
upvoted 0 times
...
Elden
8 months ago
A) Automatically create exceptions for specific actions or files
upvoted 0 times
...
...

Save Cancel