5 votes
Which of the following is true for a host-based intrusion detection system (HIDS)?

A. It monitors an entire network.
B. It monitors a single system.
C. It's invisible to attackers and authorized users.
D. It cannot detect malicious code.

1 Answer

3 votes

Final answer:

The true statement for a host-based intrusion detection system (HIDS) is that it monitors a single system. A HIDS focuses on activities within one computing system, not the entire network, which makes statement B correct.

Step-by-step explanation:

The answer to the question about which statement is true for a host-based intrusion detection system (HIDS) is: B. It monitors a single system. A HIDS is designed to monitor and analyze the internals of a computing system rather than looking at network traffic. It usually examines system calls, application logs, file-system modifications (such as rootkit installations and other malicious changes), and other host activities. Therefore, it is specific to one host, not the entire network. A network-based IDS (NIDS), on the other hand, monitors network traffic.

HIDS is not invisible to attackers. Skilled attackers may be able to detect and disable HIDS. Additionally, a HIDS can detect malicious code if it is designed to look for and identify such activities, which refutes option D.

by User Christian Melchior (6.9k points)