312-50V9 Question #62: Real Exam Question with Answer & Explanation

Question

Options

• AThey do not use host system resources.
• BThey are placed at the boundary, allowing them to inspect all traffic.
• CThey are easier to install and configure.
• DThey will not interfere with user interfaces.

Explanation

A network-based IDS/IPS is a dedicated appliance that monitors traffic without running on protected hosts, leaving their CPU and memory fully available.

Common mistakes.

• B. While NIDS sensors are often placed at network boundaries, this placement is a deployment choice, not an inherent advantage; host-based IDS cannot inspect boundary-level traffic, but boundary placement alone is not identified as the main advantage over HIDS.
• C. Network-based IDS/IPS systems require more complex setup involving network taps, SPAN port configuration, or inline placement, making them generally harder to install and configure than a host-based agent.
• D. Both NIDS and HIDS can be designed to operate transparently with minimal impact on user-facing interfaces; this is not a distinguishing advantage that is specific to the network-based approach.

Concept tested. Network-based vs host-based IDS/IPS advantages

Reference. https://www.cisco.com/c/en/us/td/docs/security/ips/7-0/configuration/guide/idm/idm70guide/overview.html

No community discussion yet for this question.