Which security role would most likely trigger an alert when suspicious executable files are present on a workstation?


Multiple Choice

Which security role would most likely trigger an alert when suspicious executable files are present on a workstation?

Explanation:
Monitoring a single workstation from within the host itself is the right approach for spotting unwanted or suspicious executable files. A host-based IDS sits on the workstation and watches for changes on that host—new or altered executables, unusual file attributes, unexpected process activity, and other integrity issues. It can apply signatures or behavior-based rules to trigger alerts specifically when a suspicious file is detected on that machine.

In contrast, a network-based IDS looks at traffic between systems and may catch malicious activity leaving or entering the network, but it won't directly reveal files stored on the workstation. A SIEM aggregates and analyzes logs from many sources, which helps with overall security monitoring, but it relies on feeds from endpoints (such as a host-based IDS) to detect local file changes. A firewall focuses on filtering network traffic and doesn't monitor the presence of executables on a workstation. So, the component best suited to alert on suspicious executables on a workstation is the host-based IDS.

