SSCP Question #354: Real Exam Question with Answer & Explanation

Question

Which one of the following statements about the advantages and disadvantages of network- based Intrusion detection systems is true

Options

• ANetwork-based IDSs are not vulnerable to attacks.
• BNetwork-based IDSs are well suited for modern switch-based networks.
• CMost network-based IDSs can automatically indicate whether or not an attack was
• DThe deployment of network-based IDSs has little impact upon an existing network.

Explanation

Network-based IDSs are usually passive devices that listen on a network wire without interfering with the normal operation of a network. Thus, it is usually easy to retrofit a network to include network-based IDSs with minimal effort. Network-based IDSs are not vulnerable to attacks is not true, even thou network-based IDSs can be made very secure against attack and even made invisible to many attackers they still have to read the packets and sometimes a well crafted packet might exploit or kill your capture engine. Network-based IDSs are well suited for modern switch-based networks is not true as most switches do not provide universal monitoring ports and this limits the monitoring range of a network-based IDS sensor to a single host. Even when switches provide such monitoring ports, often the single port cannot mirror all traffic traversing the switch. Most network-based IDSs can automatically indicate whether or not an attack was successful is not true as most network-based IDSs cannot tell whether or not an attack was successful; they can only discern that an attack was initiated. This means that after a network-based IDS detects an attack, administrators must manually investigate each attacked host to determine whether it was indeed penetrated.

No community discussion yet for this question.