SY0-401 question 9 discussion


An administrator would like to review the effectiveness of existing security in the enterprise.
Which of the following would be the BEST place to start?

  • A. Review past security incidents and their resolution
  • B. Rewrite the existing security policy
  • C. Implement an intrusion prevention system
  • D. Install honey pot systems
Created 3 months, 3 weeks ago by rmiles1


But how would implementing an intrusion prevention system review the effectiveness of existing security? Wouldn't that defeat the purpose of testing the equipment as it stands before any further precautions are taken?


Is there a way to use virtualization and try to find vulnerabilities without harming the actual network?


I agree with Rmiles1; I am a little confused by the answer even though the explanation makes sense. Maybe the wording of the question needs to be reviewed.


This is the COMPTIA kind of question.


Indeed, this is a real COMPTIA question type you should expect; this is how they trick you on the exam.


I believe it's asking for the effectiveness. In that regard, a proactive IPS is very effective.


I think the key phrase is "best place to START". Past info doesn't really "start", does it?


Maybe this answer should be an IDS, not IPS?


IDS detects and reports but does not take action, whereas IPS prevents the insecurity from working.


I agree with you, this should be IDS.


I agree with Rmiles1, this answer doesn't make sense and maybe, as others suggested, re-writing the question would help a bit. "To review existing": you already have a system in place and would like to make it better or harden the boundaries of defense!!


A tricky one. COMPTIA does this on purpose so we have to take it more than once. It is all about the money.


I think the key phrase is 'effectiveness of EXISTING security'.


I agree it's confusing but I guess they use the intrusion prevention to "capture" whatever is getting past existing security? Tricky CompTIA!


The question says "REVIEW the EFFECTIVENESS of existing security". That is, in this case, I thought the administrator would like to simply ensure that the "existing security" is effective. How? TESTING it (somehow). Implementing an IPS, he only increases the ALREADY existing security. A little confusing... :/