Your organization currently uses a network-based intrusion detection system that only generates alerts when it sees suspicious activity. Management wants the control to block malicious packets inline so threats are stopped automatically. Which security appliance should you implement to meet this requirement?
Harden the public key infrastructure (PKI) with stronger certificate policies
Extend the existing security information and event management (SIEM) platform
Deploy an intrusion prevention system (IPS)
Implement a data loss prevention (DLP) gateway at the network edge
An intrusion prevention system (IPS) sits inline with network traffic, inspects each packet, and can automatically drop or rewrite malicious traffic. This adds proactive enforcement that an IDS or SIEM cannot provide. A DLP gateway focuses on preventing sensitive data from leaving the network, while a SIEM aggregates and correlates logs for analysis, and PKI handles encryption and certificate-based authentication; none of these operate inline to block hostile packets in real time.