312-50V10 · Question #740
Tremp is an IT Security Manager, and he is planning to deploy an IDS in his small company. He is looking for an IDS with the following characteristics: -Verifies success or failure of an attack - Moni
The correct answer is C. Host-based IDS. Host-based IDS (HIDS) runs directly on endpoint systems, requiring no extra hardware and providing local visibility that network-based solutions cannot match.
Question
Tremp is an IT Security Manager, and he is planning to deploy an IDS in his small company. He is looking for an IDS with the following characteristics: -Verifies success or failure of an attack - Monitors system activities - Detects attacks that a network-based IDS fails to detect. - Near real- time detection and response - Does not require additional hardware - Lower entry cost. Which type of IDS is best suited for Tremp's requirements?
Options
- ANetwork-based IDS
- BOpen source-based IDS
- CHost-based IDS
- DGateway-based IDS
How the community answered
(17 responses)- A6% (1)
- C82% (14)
- D12% (2)
Why each option
Host-based IDS (HIDS) runs directly on endpoint systems, requiring no extra hardware and providing local visibility that network-based solutions cannot match.
Network-based IDS requires dedicated sensors or tap hardware on network segments, increases cost, and cannot verify attack success or failure on the endpoint because it only inspects packet traffic.
Open source-based IDS describes a licensing model, not a deployment architecture, so it does not define how the system monitors activity or where it is placed.
A host-based IDS installs on the monitored system itself, eliminating the need for dedicated hardware and reducing entry cost. It inspects OS logs, file system changes, and process activity, allowing it to verify whether an attack succeeded or failed and detect local threats such as privilege escalation that a network-based IDS never sees. Near real-time alerts are generated from system-level event monitoring without relying on network traffic capture.
Gateway-based IDS sits at the network perimeter and inspects traffic entering or leaving the network; it cannot monitor internal system activities or detect host-level attacks that do not traverse the gateway.
Concept tested: Host-based IDS characteristics and deployment advantages
Source: https://csrc.nist.gov/publications/detail/sp/800-94/final
Topics
Community Discussion
No community discussion yet for this question.