nerdexam
(ISC)2

CERTIFIED-IN-CYBERSECURITY · Question #476

CERTIFIED-IN-CYBERSECURITY Question #476: Real Exam Question with Answer & Explanation

The correct answer is A: IPS can block network traffic, but IDS can't.

Network Security Concepts

Question

What is the PRIMARY difference between an intrusion detection system (IDS) and an intrusion prevention system (IPS)?

Options

  • A. IPS can block network traffic, but IDS can't
  • B. IDS is software-based, while IPS is hardware-based
  • C. IDS detects malware, but IPS doesn't
  • D. IPS is parallel to the traffic, while IDS is in-line

Explanation

An intrusion prevention system (IPS) has the ability to block or prevent malicious network traffic, while an intrusion detection system (IDS) can only detect and alert to the intrusion, but cannot take action to prevent it. For example, if a network is bombarded with a Distributed Denial of Service (DDoS) attack, an IPS can identify the malicious traffic and block it from entering the network, while an IDS would only detect and alert about the attack.

The other options are incorrect for the following reasons:

  • Both IDS and IPS can be either software-based or hardware-based. Therefore, the statement that IDS is software-based while IPS is hardware-based is incorrect.
  • The positioning of IDS and IPS in the network can vary depending on the network design and security requirements, so stating that IPS is parallel to the traffic while IDS is in-line is also incorrect.
  • IDS and IPS can detect malware, so to say that IDS detects malware and IPS doesn't is inaccurate.

Both systems are designed to identify threats, but the key difference is in their response capabilities.

Topics

#IDS/IPS · #Network Security · #Security Controls
