An unknown source has attacked an organization’s network multiple times. The organization has a firewall but no other source of protection against these attacks. Which of the following is the best security item to add?
An Intrusion Prevention System (IPS) is the most effective addition when an organization already has a firewall but continues to face repeated external attacks. Security+ SY0-701 states that an IPS operates inline and automatically blocks malicious traffic in real time based on signatures, anomalous behavior, or heuristics. Whereas a firewall filters traffic by rules, an IPS detects and prevents deeper-level threats such as exploits, malware, and command-and-control attempts.
A UTM (C) includes IPS features, but it is typically used to replace a firewall with an all-in-one appliance. The question states the organization already has a firewall, so the most efficient addition is a standalone IPS. A SIEM (A) aggregates and analyzes logs but does not block attacks. A load balancer (B) distributes traffic for performance—not security.
Thus, the best item to stop active inbound attacks is D: IPS.