Exam CAS-004 topic 1 question 12 discussion

Actual exam question from CompTIA's CAS-004
Question #: 12
Topic #: 1

A company is looking to fortify its cybersecurity defenses and is focusing on its network infrastructure. The solution cannot affect the availability of the company's services to ensure false positives do not drop legitimate traffic.
Which of the following would satisfy the requirement?

  • A. NIDS
  • B. NIPS
  • C. WAF
  • D. Reverse proxy
Suggested Answer: A 🗳️

Comments

CKRET
Highly Voted 3 years, 2 months ago
A. NIDS. A NIPS will drop false positives. https://owasp.org/www-community/controls/Intrusion_Detection
upvoted 18 times
...
ts260
Highly Voted 2 years, 8 months ago
Selected Answer: A
NIDS will not drop traffic
upvoted 9 times
...
blacksheep6r
Most Recent 2 months, 3 weeks ago
Selected Answer: A
The correct answer is A) NIDS (Network Intrusion Detection System). ✅ Explanation: NIDS (Network Intrusion Detection System) monitors network traffic for suspicious activity without actively blocking traffic. Since it only detects and alerts, it does not introduce the risk of dropping legitimate traffic.
upvoted 1 times
...
joschmo
2 months, 3 weeks ago
Selected Answer: A
NIDS is passive
upvoted 1 times
...
23169fd
9 months, 2 weeks ago
Selected Answer: A
It provides monitoring and alerting capabilities without actively interfering with the traffic flow, thereby ensuring legitimate traffic is not dropped.
upvoted 2 times
...
Bright07
10 months, 3 weeks ago
NIDS stands for Network Intrusion Detection System. This system monitors the traffic on the network for any suspicious activity and sends alerts when such activity is detected. It's a passive system, meaning it won't take any action other than alerting the specified recipients. The key point here is that NIDS does not affect the availability of the company's services. It does not block any traffic itself, even if it's malicious. This ensures that false positives (legitimate traffic that is incorrectly flagged as malicious) do not disrupt the company's services. In contrast, a Network Intrusion Prevention System (NIPS), a Web Application Firewall (WAF), and a Reverse Proxy could potentially block traffic, which could lead to service disruption if there are false positives. Therefore, NIDS would be the best choice given the company's requirements.
upvoted 4 times
...
Delab202
1 year, 3 months ago
Selected Answer: C
Given the requirement that the solution cannot affect the availability of the company's services to ensure false positives do not drop legitimate traffic, the most suitable option is: C. WAF (Web Application Firewall) Explanation: WAF (Web Application Firewall): A WAF is designed to protect web applications from various attacks, including SQL injection, cross-site scripting (XSS), and other web-based threats. It operates at the application layer and can filter, monitor, and block HTTP traffic between a web application and the Internet. WAFs are generally configured to minimize false positives and ensure legitimate traffic is not disrupted.
upvoted 2 times
Trap_D0_r
1 year, 3 months ago
A WAF protects a public-facing application against common attacks. The question specifically states the company is focusing on securing its network infrastructure (i.e. the inside of the network, not just a public-facing application or edge server). In this context, a NIDS makes the most sense.
upvoted 3 times
...
...
BiteSize
1 year, 9 months ago
Selected Answer: A
NIDS = Snort/Suricata = Passive Alerting. It will not affect the network; all the others run that risk. Source: Verifying each answer against Chat GPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence.)
upvoted 5 times
...
fb2fcb1
1 year, 9 months ago
Selected Answer: A
A. NIDS. A Network Intrusion Detection System (NIDS) would be the best fit for this scenario. NIDS monitors network traffic for suspicious activity or known threats and generates alerts when detected. It operates in a passive mode, simply monitoring and alerting, which means it wouldn't affect network availability as it does not take action to block or drop packets like a Network Intrusion Prevention System (NIPS) would. A Web Application Firewall (WAF) primarily focuses on application-layer threats, not network-level threats. A reverse proxy wouldn't be the best option either, as it primarily aids in load balancing and distribution; it doesn't focus specifically on threat detection or prevention.
upvoted 4 times
...
FOURDUE
2 years, 3 months ago
Selected Answer: A
Network Intrusion Detection System: They are strategically located across the network to monitor traffic from all devices connected to the Internet. Primarily, it performs an analysis of passing traffic on the whole subnet and compares that information to a database of known threats. When it detects an assault or detects strange activity, it alerts the administrator.
upvoted 4 times
...
acristian_111
2 years, 9 months ago
Selected Answer: A
I agree with A
upvoted 5 times
...
easternisme
2 years, 9 months ago
Selected Answer: A
NIDS won't drop false positives
upvoted 3 times
...
Carlos_McArturo
2 years, 10 months ago
So are these answers wrong on the actual test or just wrong in the study guide? I need to know which answers will lead to a successful exam, not necessarily which answer is "correct".
upvoted 5 times
...
Mara03
2 years, 10 months ago
A is correct. Prevention drops, Detection warns.
upvoted 2 times
...
RevZig67
2 years, 11 months ago
Selected Answer: A
Keyword is Network Infrastructure that does NOT affect the availability.
upvoted 3 times
...
JayJ_L
3 years ago
NIPS monitors the network and protects its privacy, integrity, and availability.
upvoted 2 times
...
pthread1
3 years, 1 month ago
Answer is A. NIDS
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted