nerdexam
EC-Council

312-50V10 · Question #724

Which of the following statements is FALSE with respect to Intrusion Detection Systems?

The correct answer is A. Intrusion Detection Systems can easily distinguish a malicious payload in an encrypted traffic. IDS cannot inspect encrypted traffic payloads because the content is obfuscated, making signature-based and deep packet inspection ineffective without a decryption layer.

Evading IDS, Firewalls, and Honeypots

Question

Which of the following statements is FALSE with respect to Intrusion Detection Systems?

Options

  • AIntrusion Detection Systems can easily distinguish a malicious payload in an encrypted traffic
  • BIntrusion Detection Systems can examine the contents of the data in context of the network
  • CIntrusion Detection Systems can be configured to distinguish specific content in network packets
  • DIntrusion Detection Systems require constant update of the signature library

How the community answered

(60 responses)
  • A
    88% (53)
  • B
    3% (2)
  • C
    7% (4)
  • D
    2% (1)

Why each option

IDS cannot inspect encrypted traffic payloads because the content is obfuscated, making signature-based and deep packet inspection ineffective without a decryption layer.

AIntrusion Detection Systems can easily distinguish a malicious payload in an encrypted trafficCorrect

This statement is FALSE because standard IDS engines perform deep packet inspection on plaintext data; when traffic is encrypted via TLS/SSL, the IDS cannot read the payload to match signatures or identify malicious content without an out-of-band decryption mechanism. This is a well-known architectural limitation that attackers exploit by tunneling malicious payloads over HTTPS or other encrypted protocols.

BIntrusion Detection Systems can examine the contents of the data in context of the network

This is TRUE - network-based IDS examines data contents in context of the protocol stack, which is a core function of both signature-based and anomaly-based detection.

CIntrusion Detection Systems can be configured to distinguish specific content in network packets

This is TRUE - IDS platforms support custom rules and signatures that match specific byte sequences, strings, or patterns within packet payloads.

DIntrusion Detection Systems require constant update of the signature library

This is TRUE - signature-based IDS depends on a continuously updated signature database to detect newly discovered exploits, malware, and attack patterns.

Concept tested: IDS limitations with encrypted network traffic

Source: https://csrc.nist.gov/publications/detail/sp/800-94/final

Topics

#IDS limitations#encrypted traffic#intrusion detection#signature library

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice