ISC2 ISSAP Exam - Topic 1 Question 23 Discussion

Actual exam question for ISC2's ISSAP exam
Question #: 23
Topic #: 1

You are the Network Administrator for a large corporate network. You want to monitor all network traffic on your local network for suspicious activities and receive a notification when a possible attack is in process. Which of the following actions will you take for this?

Suggested Answer: A

A network-based intrusion detection system (NIDS) analyzes data packets flowing through a network. It can detect malicious packets that are designed to be overlooked by a firewall's simplistic filtering rules. It is responsible for detecting anomalous or inappropriate data that may be considered 'unauthorized' on a network. An NIDS captures and inspects all data traffic, regardless of whether that traffic is permitted or not.

Answer option B is incorrect. A host-based IDS simply monitors attempted attacks on an individual host.

Answer option D is incorrect. Verbose logging on the firewall will only give you clues regarding attacks on the firewall.

Answer option C is incorrect. A DMZ firewall, while a good suggestion and usually more secure, would not give you any monitoring of the traffic on the LAN.


Contribute your Thoughts:

Lenna
4 months ago
Wait, can an IDS really catch everything? Sounds too good to be true!
upvoted 0 times
...
Shawnna
4 months ago
Enabling verbose logging (D) is useful, but not a complete solution.
upvoted 0 times
...
Rasheeda
4 months ago
DMZ firewall (C) is more about segmentation, not traffic monitoring.
upvoted 0 times
...
Truman
4 months ago
I disagree, host-based IDS (B) can be just as effective for certain threats.
upvoted 0 times
...
Tula
5 months ago
Gotta go with A, network-based IDS is the way to monitor traffic.
upvoted 0 times
...
Samuel
5 months ago
Enabling verbose logging on the firewall could help, but I don't think it would provide real-time alerts like an IDS would.
upvoted 0 times
...
Brock
5 months ago
I practiced a similar question, and I think installing a DMZ firewall is more about segmentation than monitoring traffic.
upvoted 0 times
...
Halina
5 months ago
I remember studying IDS systems, and I think a network-based IDS would be the best choice for monitoring all traffic.
upvoted 0 times
...
Jesusa
5 months ago
I'm not entirely sure, but I feel like a host-based IDS might only monitor individual machines, not the entire network.
upvoted 0 times
...
Dalene
5 months ago
The WFM Daemon is an interesting choice, but I don't think that's the right answer. I'm leaning towards either A or B, but I'll need to double-check the details to be sure.
upvoted 0 times
...
Christene
5 months ago
Okay, I think I've got a strategy for this. I'll focus on the policies that account for the performance of all previous runs, not just the best one.
upvoted 0 times
...
Tandra
5 months ago
Okay, let's see. I remember from the course material that a realm is a logical definition of a network or group of networks. So statement C seems like it could be true. I'm a bit unsure about the other options, though.
upvoted 0 times
...