Which three statements about host-based IPS are true? (Choose three.)
A . It can view encrypted files.
B . It can have more restrictive policies than network-based IP
D . It can generate alerts based on behavior at the desktop level.
E . It can be deployed at the perimeter.
F . It uses signature-based policies.
G . It works with deployed firewalls.
Answer: A,B,C
Explanation:
If the network traffic stream is encrypted, HIPS has access to the traffic in unencrypted form. HIPS can combine the best features of antivirus, behavioral analysis, signature filters, network firewalls, and application firewalls in one package. Host-based IPS operates by detecting attacks that occur on a host on which it is installed. HIPS works by intercepting operating system and application calls, securing the operating system and application configurations, validating incoming service requests, and analyzing local log files for after-the-fact suspicious activity.
Source: http://www.ciscopress.com/articles/article.asp?p=1336425&seqNum=3
Leave a Reply