Which system continuously monitors a network and can take action to prevent malicious activity?

An Intrusion Prevention System (IPS) is designed specifically to continuously monitor network traffic and take proactive actions to prevent any identified malicious activity. Unlike an Intrusion Detection System (IDS), which primarily focuses on detecting and alerting about potential threats, the IPS goes further by implementing measures to block or mitigate these threats in real-time. This capability makes the IPS a critical defense mechanism in network security, as it not only identifies anomalies but also responds immediately to prevent potential breaches or attacks.

In contrast, while a Host-based Intrusion Prevention System (HIPS) operates on individual hosts (like servers or workstations) to protect them from threats, the IPS functions at a broader network level. Similarly, a Network-Based Intrusion Detection System (NIDS) monitors network traffic for suspicious activity but does not have the ability to take preventive measures against detected threats. Therefore, the classification of the IPS as a system that continuously monitors and actively intervenes makes it the correct choice in this context.