A company has deployed a security appliance that passively analyzes packets traversing the perimeter network. The device compares traffic against a database of signatures and, when it detects malicious activity, sends an alert to the SOC for investigation but does not drop the packets. Which of the following BEST describes this control?
It provides detailed reports of system performance for auditing purposes.
It blocks unauthorized access by filtering incoming network traffic.
It monitors network traffic for suspicious activities and alerts administrators.
It encrypts data to prevent unauthorized access during transmission.
An Intrusion Detection System (IDS) passively monitors network or host traffic (typically from a copy of the traffic delivered by a SPAN port or network TAP) for malicious actions or policy violations. Its primary role is to detect suspicious behavior, usually by matching it against a signature database, and to generate alerts so administrators can investigate and respond. Because it does not sit inline and never blocks or filters packets, it is classified as a detective control, not a preventive one. Encryption protects data confidentiality, firewalls and IPSs block unauthorized traffic, and performance audit tools generate usage statistics rather than identify threats.
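The detective-versus-preventive distinction above, as an added example that is not part of the exam page or any vendor's product: a small signature-based sensor run over constructed packets. The `Packet` and `Signature` records, the three signatures, and the sample traffic are all hypothetical and built inline for illustration; the point is that the passive sensor returns alerts while forwarding the traffic untouched, whereas the same rules placed inline drop the matching packets.

```python
"""Added example (not from the exam page): a minimal signature-based
passive IDS next to the same rule set run as an inline IPS.

All record layouts, signatures and packets below are constructed for
this example and do not follow any vendor's rule format."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    proto: str
    payload: bytes


@dataclass
class Signature:
    sid: int
    name: str
    proto: str
    dport: Optional[int]        # None matches any destination port
    content: re.Pattern         # compiled regex applied to the payload


def match(sig: Signature, pkt: Packet) -> bool:
    """A signature fires when protocol, port and payload pattern all agree."""
    return (sig.proto == pkt.proto
            and (sig.dport is None or sig.dport == pkt.dport)
            and sig.content.search(pkt.payload) is not None)


# Hypothetical signature database (constructed for this example).
SIGNATURES = [
    Signature(1000001, "HTTP path traversal attempt", "tcp", 80,
              re.compile(rb"\.\./\.\./")),
    Signature(1000002, "SSH banner from a known scanner", "tcp", 22,
              re.compile(rb"^SSH-2\.0-(?:nmap|masscan)", re.I)),
    Signature(1000003, "DNS query with long hex label (tunnel-like)", "udp", 53,
              re.compile(rb"[a-f0-9]{32,}\.")),
]

# Constructed sample traffic: two hits on port 80/22, one DNS hit, two benign.
SAMPLE_TRAFFIC = [
    Packet("203.0.113.7", "192.0.2.10", 80, "tcp",
           b"GET /../../etc/passwd HTTP/1.1\r\nHost: www\r\n\r\n"),
    Packet("203.0.113.7", "192.0.2.10", 80, "tcp",
           b"GET /index.html HTTP/1.1\r\nHost: www\r\n\r\n"),
    Packet("198.51.100.4", "192.0.2.22", 22, "tcp",
           b"SSH-2.0-Nmap-SSH1-Hostkey\r\n"),
    Packet("192.0.2.50", "192.0.2.53", 53, "udp",
           b"\x00\x01" + b"3f7a9c2e1b4d5e6f7a8b9c0d1e2f3a4b.exfil.example."),
    Packet("192.0.2.50", "192.0.2.53", 53, "udp",
           b"\x00\x01www.example.com"),
]


def _alert(sig: Signature, pkt: Packet) -> dict:
    return {"sid": sig.sid, "name": sig.name, "src": pkt.src,
            "dst": pkt.dst, "dport": pkt.dport}


def passive_ids(packets: List[Packet],
                signatures: List[Signature] = SIGNATURES
                ) -> Tuple[List[dict], List[Packet]]:
    """Out-of-band sensor (SPAN/TAP copy): returns (alerts, forwarded).

    The sensor only sees a copy of the traffic, so the forwarded stream is
    always the unmodified input. Detection, never prevention."""
    alerts = [_alert(sig, pkt) for pkt in packets
              for sig in signatures if match(sig, pkt)]
    return alerts, list(packets)


def inline_ips(packets: List[Packet],
               signatures: List[Signature] = SIGNATURES
               ) -> Tuple[List[dict], List[Packet]]:
    """Inline device with the same rules: matching packets are dropped."""
    alerts, forwarded = [], []
    for pkt in packets:
        hit = next((s for s in signatures if match(s, pkt)), None)
        if hit is None:
            forwarded.append(pkt)
        else:
            alerts.append(_alert(hit, pkt))
    return alerts, forwarded


if __name__ == "__main__":
    ids_alerts, ids_fwd = passive_ids(SAMPLE_TRAFFIC)
    ips_alerts, ips_fwd = inline_ips(SAMPLE_TRAFFIC)
    for a in ids_alerts:
        print(f"ALERT sid={a['sid']} {a['name']} {a['src']} -> {a['dst']}:{a['dport']}")
    print(f"IDS forwarded {len(ids_fwd)}/{len(SAMPLE_TRAFFIC)} packets, "
          f"IPS forwarded {len(ips_fwd)}/{len(SAMPLE_TRAFFIC)}")
```

Both functions raise the same three alerts; only `inline_ips` changes what reaches the destination, which is exactly why the appliance in the question, which forwards everything, is a detective control.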