Systems Security Certified Practitioner – SSCP – Question0435

Which of the following reviews system and event logs to detect attacks on the host and determine if the attack was successful?

A. host-based IDS
B. firewall-based IDS
C. bastion-based IDS
D. server-based IDS

Correct Answer: A

Explanation:

A host-based IDS can review the system and event logs in order to detect an attack on the host and to determine if the attack was successful. Source: KRUTZ, Ronald L. & VINES, Russell D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 48.