GSEC Question #359: Real Exam Question with Answer & Explanation
The correct answer is C: B, D, and E.
Question
Which of the following are advantages of Network Intrusion Detection Systems (NIDS)?
- (A) Analysis of encrypted traffic
- (B) Provide insight into network traffic
- (C) Detection of network operations problems
- (D) Provide logs of network traffic that can be used as part of other security measures
- (E) Inexpensive to manage
Options
- A. B, C, and D
- B. A, C, and E
- C. B, D, and E
- D. A, B, and C
Explanation
NIDS advantages include providing network traffic visibility, generating logs for use in other security controls, and being relatively inexpensive to manage, but NIDS cannot inspect encrypted traffic and is not a network operations diagnostic tool.
Common mistakes.
- A. This grouping includes option A (encrypted traffic analysis), which is a well-known NIDS limitation - without decryption capabilities, NIDS cannot inspect payload contents of encrypted sessions such as TLS.
- B. This grouping includes option A (encrypted traffic analysis) as an advantage, which is factually incorrect, and omits option E (cost-effectiveness), which is a recognized benefit of NIDS over HIDS deployments.
- D. This grouping also includes option A (encrypted traffic analysis) as an advantage, which is a limitation, not a capability, and pairs it with options B and C rather than the correct set.
Concept tested. NIDS capabilities, advantages, and limitations
Reference. https://csrc.nist.gov/publications/detail/sp/800-94/final