CISM Certified Information Security Manager – Question0948

The BEST way to determine if an anomaly-based intrusion detection system (IDS) is properly installed is to:

A. simulate an attack and review IDS performance.
B. use a honeypot to check for unusual activity.
C. audit the configuration of the IDS.
D. benchmark the IDS against a peer site.

Correct Answer: A

Explanation:

Simulating an attack on the network demonstrates whether the intrusion detection system (IDS) is properly tuned. Reviewing the configuration may or may not reveal weaknesses since an anomaly-based system uses trends to identify potential attacks. A honeypot is not a good first step since it would need to have already been penetrated. Benchmarking against a peer site would generally not be practical or useful.