Just for sharing and fun...
How to answer confusing questions?
One answer is elimination and the 2nd answer seems to be leave it on luck.
Stumbled on below question:
Q. Which of the following is a network security device that monitors network activities for malicious or unwanted behaviour?
In this we need to choose just 1 answer but in my knowledge and opinion, the question is very generic and open to interpretation. I wont mind choosing A, B or C or all 3. I think such questions are not well formed and are rare on well written certification exams. I just ignored it.
By the way, the resource says IPS as the right answer. Funny.
Probably I am not sure if there is an order of preference in the above question that makes IPS as the right answer.
In order of being most effective to least effective, IPS >> IDS >> Firewall. So, in a question, if all three are present, probably choosing IPS makes a better choice since it is the most effective out of others.
There is no explanation given but above is my own explanation if I have to agree on the answer.
I had a question on my exam that showed a bracket that I could visualize being used to mount an AP to a pole OR to mount a lightning arrestor to a ground rod. With no sense of scale I couldn't decide which was the right answer and frankly, I still don't know. Don't really care because I passed, but that's a different issue.
Anyway, after doing a lot of flash cards and practice tests, plus asking some questions here to get some insight into how the test writers think, this is how I would evaluate the question:
- Firewalls are not really directly related to wireless.
- WEP isn't really about intrusion detection or prevention and isn't a device in any case.
- With WIDS and WIPS both in the choices, it seems they want to know if I understand the distinction between them.
Of course, that's where I run into the same problem you did. The correct answer would seem to be WIDS. A WIDS server is certainly a device and one of the things it does is behavior analysis, which ties back to the question via the word behavior.
WIPS is more concerned with categorizing devices into Known, Unknown, Infrastructure and Rogue. Still, it does seem that the difference is more about marketing than technology.
You're right. Some questions are confusing. Still, at least reasoning it out got you to a 1:2 probability instead of 1:4.
Now I would have leaned toward WIDS as well because it never says that it would respond and do something about what it finds. As far as I know, WIPS actually responds and tries to limit, or eliminate the threat. WIDS only can detect and warn you about it.
As I just got done taking some chapter tests for the CWAP, I came across an answer I didn't think was right, it wasn't right. Although I still think having some wrong answers here and there is a funny way to make you make sure of the answer, are we for sure that WIPS is the correct answer hehe.