5 votes
Which of the following is true for a host-based intrusion detection system (HIDS)?

A. It monitors an entire network.
B. It monitors a single system.
C. It's invisible to attackers and authorized users.
D. It cannot detect malicious code.

1 Answer

3 votes

Final answer:

The true statement for a host-based intrusion detection system (HIDS) is that it monitors a single system. A HIDS focuses on activities within one computing system, not the entire network, which makes statement B correct.

Step-by-step explanation:

The answer to the question about which statement is true for a host-based intrusion detection system (HIDS) is: B. It monitors a single system. A HIDS is designed to monitor and analyze the internals of a computing system rather than looking at network traffic. It usually examines system calls, application logs, file-system modifications (such as rootkit installations and other malicious changes), and other host activities. Therefore, it is specific to one host, not the entire network. A network-based IDS (NIDS), on the other hand, monitors network traffic.

A HIDS is not invisible to attackers. Skilled attackers may be able to detect and disable a HIDS. Additionally, a HIDS can detect malicious code if it is designed to look for and identify such activities, which refutes option D.

by user Christian Melchior (7.1k points)