312-50V13 · Question #176
312-50V13 Question #176: Real Exam Question with Answer & Explanation
The correct answer is C: Host-based IDS. A Host-based IDS (HIDS) is best suited for Tremp's needs because it monitors system activities locally, detects attacks missed by network-based systems, offers real-time detection, and leverages existing host resources, thus lowering hardware costs.
Question
Tremp is an IT Security Manager, and he is planning to deploy an IDS in his small company. He is looking for an IDS with the following characteristics:
- Verifies success or failure of an attack
- Monitors system activities
- Detects attacks that a network-based IDS fails to detect
- Near real-time detection and response
- Does not require additional hardware
- Lower entry cost
Which type of IDS is best suited for Tremp's requirements?
Options
- A. Gateway-based IDS
- B. Network-based IDS
- C. Host-based IDS
- D. Open source-based
Explanation
A Host-based IDS (HIDS) is best suited for Tremp's needs because it monitors system activities locally, detects attacks missed by network-based systems, offers real-time detection, and leverages existing host resources, thus lowering hardware costs.
Common mistakes.
- A. Gateway-based IDS is not a standard classification; IDS typically operate at the host or network level.
- B. Network-based IDS (NIDS) monitors network traffic but cannot monitor internal host activities, verify attack success on the host, or inspect encrypted traffic, which contradicts Tremp's requirements. NIDS often requires dedicated hardware.
- D. Open source-based describes the licensing model, not the deployment type (host vs. network). Both HIDS and NIDS can be open source.
Concept tested. Host-based IDS characteristics and deployment
Reference. https://learn.microsoft.com/en-us/security/benchmark/azure/baselines/intrusion-detection-system