Systems Security Certified Practitioner – SSCP – Question0456
Which of the following Intrusion Detection Systems (IDS) uses a database of attacks, known system vulnerabilities, monitoring current attempts to exploit those vulnerabilities, and then triggers an alarm if an attempt is found? A. Knowledge-Based ID System B. Application-Based ID System C. Host-Based ID System D. Network-Based ID System
Correct Answer: A
Explanation:
Knowledge-based Intrusion Detection Systems use a database of previous attacks and known system vulnerabilities to look for current attempts to exploit their vulnerabilities, and trigger an alarm if an attempt is found. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 87.
Application-Based ID System -“a subset of HIDS that analyze what’s going on in an application using the transaction log files of the application.” Source: Official ISC2 CISSP CBK Review Seminar Student Manual Version 7.0 p. 87
Host-Based ID System -“an implementation of IDS capabilities at the host level. Its most significant difference from NIDS is intrusion detection analysis, and related processes are limited to the boundaries of the host.” Source: Official ISC2 Guide to the CISSP CBK -p. 197
Network-Based ID System -“a network device, or dedicated system attached to teh network, that monitors traffic traversing teh network segment for which it is integrated.” Source: Official ISC2 Guide to the CISSP CBK -p. 196
Please disable your adblocker or whitelist this site!