iSACA Cybersecurity Fundamentals Certification Practice Exam

Which of the following does NOT describe a function of an Intrusion Prevention System?

• A. Preventing attacks on victim hosts
• B. Detecting network anomalies
• C. Notifying administrators of breaches
• D. Providing data encryption

The correct answer is: Providing data encryption

An Intrusion Prevention System (IPS) is primarily designed to monitor network traffic and prevent intrusions by analyzing data packets and taking actions against identified threats. It performs several key functions within a cybersecurity framework. Preventing attacks on victim hosts is a core operational feature of an IPS. It actively blocks malicious traffic and prevents it from affecting systems, thereby ensuring the safety of the victim hosts. Detecting network anomalies is also a fundamental capability of an IPS. It identifies unusual patterns that may indicate a potential intrusion or attack, helping to maintain the integrity of the network. Notifying administrators of breaches is part of the IPS functionality as well. When a threat is detected or a prevention action is taken, an IPS typically alerts network administrators to the incident, enabling them to respond promptly to security events. In contrast, providing data encryption is not a function of an IPS. Data encryption serves the purpose of securing data in transit or at rest, ensuring that unauthorized individuals cannot access the information. This task falls under different security mechanisms such as VPNs (Virtual Private Networks) or other encryption protocols rather than the operational scope of an IPS, which focuses on intrusion detection and prevention. Therefore, the characteristic that does not describe a function of an Intrusion Prevention System is the provision