ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
A security team must enable a host-based intrusion prevention system (HIPS) on a group of on-premises database servers that receive weekly operating-system patches and occasionally run new in-house utilities. Management's top priority is catching previously unknown (zero-day) attacks, but administrators also want to limit false positives caused by normal system updates. Which HIPS configuration best satisfies these requirements?
Rely exclusively on signature-based detection with daily signature updates from the vendor.
Run both signature and behavior engines in aggressive mode without baselining to maximize detection sensitivity.
Enable the HIPS behavior-based (anomaly) engine and build a baseline that learns normal patching and utility execution patterns.
Disable host intrusion prevention and use the network IPS to monitor for exploits targeting the servers.
Behaviour-based (also called anomaly or heuristic) HIPS engines monitor system calls, process behavior, registry changes, and other host activities to create a baseline of normal operation. Because they look for deviations from this baseline rather than matching events against a fixed library of known attack signatures, they can detect previously unseen or zero-day exploits. Signature-based engines are fast and accurate for known threats but cannot recognize novel attacks; they also require continuous signature updates and still miss zero-days. Relying solely on network IPS or disabling the behavioral engine would leave hosts blind to local, fileless, or encrypted attacks that never cross the network. Combining both engines without tuning the behavioral component increases the chance of alerts during routine patching and software changes. Therefore, enabling the behavior-based (anomaly) detection engine while tuning its baseline to the servers' normal patching and utility execution patterns offers the best balance of zero-day visibility with controlled false positives.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a host-based intrusion prevention system (HIPS)?
Open an interactive chat with Bash
What are zero-day attacks and why are they hard to detect?
Open an interactive chat with Bash
How does baseline tuning help reduce false positives in behavior-based HIPS?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Systems and Application Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .