Where should intrusion-detection and intrusion-prevention systems be deployed?

Prepare for the PCI Approved Scanning Vendor ASV exam with our comprehensive study tools. Use flashcards and multiple choice questions, each with hints and explanations, to ace your test!

Multiple Choice

Where should intrusion-detection and intrusion-prevention systems be deployed?

Explanation:
Monitoring the network with intrusion-detection and intrusion-prevention systems needs to be layered to catch threats at multiple points. Placing these systems at the edge of the cardholder data environment (CDE) helps detect attacks as they try to enter from outside, while placing them at internal points where sensitive data flows or where systems connect to other segments provides visibility into lateral movement and suspicious activity once an attacker breaches the perimeter. This approach gives comprehensive coverage: external threats are caught at the boundary, and internal threats or post-breach activity are detected inside. Relying only on the perimeter leaves internal traffic unmonitored, and focusing only on internal networks misses the initial intrusion from outside. Deploying on every workstation is impractical and inefficient. So the best approach is to deploy IDS/IPS at the CDE perimeter and at critical internal points.

