Systems Security Certified Practitioner – SSCP – Question0456

Which of the following Intrusion Detection Systems (IDS) uses a database of attacks, known system vulnerabilities, monitoring current attempts to exploit those vulnerabilities, and then triggers an alarm if an attempt is found?

A. Knowledge-Based ID System
B. Application-Based ID System
C. Host-Based ID System
D. Network-Based ID System

Correct Answer: A

Explanation:

Knowledge-based Intrusion Detection Systems use a database of previous attacks and known system vulnerabilities to look for current attempts to exploit those vulnerabilities, and trigger an alarm if an attempt is found. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 87.
Application-Based ID System: “a subset of HIDS that analyze what’s going on in an application using the transaction log files of the application.” Source: Official ISC2 CISSP CBK Review Seminar Student Manual Version 7.0, p. 87
Host-Based ID System: “an implementation of IDS capabilities at the host level. Its most significant difference from NIDS is intrusion detection analysis, and related processes are limited to the boundaries of the host.” Source: Official ISC2 Guide to the CISSP CBK, p. 197
Network-Based ID System: “a network device, or dedicated system attached to the network, that monitors traffic traversing the network segment for which it is integrated.” Source: Official ISC2 Guide to the CISSP CBK, p. 196