nerdexam
(ISC)2

CISSP · Question #248

How does a Host Based Intrusion Detection System (HIDS) identify a potential attack?

The correct answer is A. Examines log messages or other indications on the system.. According to the CISSP All-in-One Exam Guide3, a Host Based Intrusion Detection System (HIDS) identifies a potential attack by examining log messages or other indications on the system. This means that a HIDS is a type of intrusion detection system that monitors the activities an

Submitted by lukas.cz· Mar 5, 2026Security Operations

Question

How does a Host Based Intrusion Detection System (HIDS) identify a potential attack?

Options

  • AExamines log messages or other indications on the system.
  • BMonitors alarms sent to the system administrator
  • CMatches traffic patterns to virus signature files
  • DExamines the Access Control List (ACL)

How the community answered

(24 responses)
  • A
    96% (23)
  • B
    4% (1)

Explanation

According to the CISSP All-in-One Exam Guide3, a Host Based Intrusion Detection System (HIDS) identifies a potential attack by examining log messages or other indications on the system. This means that a HIDS is a type of intrusion detection system that monitors the activities and events that occur on a specific host, such as a server or a workstation, and analyzes them for signs of malicious or unauthorized behavior. A HIDS can examine various sources of data on the host, such as system logs, audit trails, registry entries, file system changes, network connections, and so on. A HIDS does not identify a potential attack by monitoring alarms sent to the system administrator, as this is a function of the intrusion detection system management console, which receives and displays the alerts generated by the HIDS. A HIDS does not identify a potential attack by matching traffic patterns to virus signature files, as this is a function of an antivirus software, which scans the incoming and outgoing data for known malware signatures. A HIDS does not identify a potential attack by examining the Access Control List (ACL), as this is a mechanism that defines the permissions and restrictions for accessing a resource, not a source of intrusion detection data.

Topics

#HIDS#intrusion detection#log analysis#security monitoring

Community Discussion

No community discussion yet for this question.

Full CISSP Practice