Which of the following statements about a host-based intrusion prevention system (HIPS) are true?
Each correct answer represents a complete solution. Choose two.
A host-based intrusion prevention system (HIPS) is an application usually employed on a single computer. It complements traditional finger-
print-based and heuristic antivirus detection methods, since it does not need continuous updates to stay ahead of new malware. When a
malicious code needs to modify the system or other software residing on the machine, a HIPS system will notice some of the resulting changes
and prevent the action by default or notify the user for permission. It can handle encrypted and unencrypted traffic equally and cannot detect
events scattered over the network.
Answer B is incorrect. Network address translation (NAT) is a technique that allows multiple computers to share one or more IP
addresses. NAT is configured at the server between a private network and the Internet. It allows the computers in a private network to share
a global, ISP assigned address. NAT modifies the headers of packets traversing the server. For packets outbound to the Internet, it translates
the source addresses from private to public, whereas for packets inbound from the Internet, it translates the destination addresses from
public to private.
Answer A is incorrect. Network intrusion prevention system (NIPS) is a hardware/software platform that is designed to analyze, detect,
and report on security related events. NIPS is designed to inspect traffic and based on its configuration or security policy, it can drop malicious
traffic. NIPS is able to detect events scattered over the network and can react.
Currently there are no comments in this discussion, be the first to comment!