312-50V10 · Question #724
Which of the following statements is FALSE with respect to Intrusion Detection Systems?
The correct answer is A. Intrusion Detection Systems can easily distinguish a malicious payload in an encrypted traffic. IDS cannot inspect encrypted traffic payloads because the content is obfuscated, making signature-based and deep packet inspection ineffective without a decryption layer.
Question
Which of the following statements is FALSE with respect to Intrusion Detection Systems?
Options
- AIntrusion Detection Systems can easily distinguish a malicious payload in an encrypted traffic
- BIntrusion Detection Systems can examine the contents of the data in context of the network
- CIntrusion Detection Systems can be configured to distinguish specific content in network packets
- DIntrusion Detection Systems require constant update of the signature library
How the community answered
(60 responses)- A88% (53)
- B3% (2)
- C7% (4)
- D2% (1)
Why each option
IDS cannot inspect encrypted traffic payloads because the content is obfuscated, making signature-based and deep packet inspection ineffective without a decryption layer.
This statement is FALSE because standard IDS engines perform deep packet inspection on plaintext data; when traffic is encrypted via TLS/SSL, the IDS cannot read the payload to match signatures or identify malicious content without an out-of-band decryption mechanism. This is a well-known architectural limitation that attackers exploit by tunneling malicious payloads over HTTPS or other encrypted protocols.
This is TRUE - network-based IDS examines data contents in context of the protocol stack, which is a core function of both signature-based and anomaly-based detection.
This is TRUE - IDS platforms support custom rules and signatures that match specific byte sequences, strings, or patterns within packet payloads.
This is TRUE - signature-based IDS depends on a continuously updated signature database to detect newly discovered exploits, malware, and attack patterns.
Concept tested: IDS limitations with encrypted network traffic
Source: https://csrc.nist.gov/publications/detail/sp/800-94/final
Topics
Community Discussion
No community discussion yet for this question.