ISC2 CSSLP Exam - Topic 10 Question 18 Discussion

A host-based intrusion prevention system (HIPS) is an application usually employed on a single computer. It complements traditional finger-

print-based and heuristic antivirus detection methods, since it does not need continuous updates to stay ahead of new malware. When a

malicious code needs to modify the system or other software residing on the machine, a HIPS system will notice some of the resulting changes

and prevent the action by default or notify the user for permission. It can handle encrypted and unencrypted traffic equally and cannot detect

events scattered over the network.

Answer B is incorrect. Network address translation (NAT) is a technique that allows multiple computers to share one or more IP

addresses. NAT is configured at the server between a private network and the Internet. It allows the computers in a private network to share

a global, ISP assigned address. NAT modifies the headers of packets traversing the server. For packets outbound to the Internet, it translates

the source addresses from private to public, whereas for packets inbound from the Internet, it translates the destination addresses from

public to private.

Answer A is incorrect. Network intrusion prevention system (NIPS) is a hardware/software platform that is designed to analyze, detect,

and report on security related events. NIPS is designed to inspect traffic and based on its configuration or security policy, it can drop malicious

traffic. NIPS is able to detect events scattered over the network and can react.