Systems Security Certified Practitioner – SSCP – Question0438

Which of the following is an issue with signature-based intrusion detection systems?

A. Only previously identified attack signatures are detected.
B. Signature databases must be augmented with inferential elements.
C. It runs only on the Windows operating system.
D. Hackers can circumvent signature evaluations.

Correct Answer: A

Explanation:

An issue with signature-based intrusion detection is that only attacks whose signatures are stored in the system's database are detected.
New attacks without a signature would not be reported. These systems require constant updates to maintain their effectiveness.
Reference used for this question: KRUTZ, Ronald L. & VINES, Russell D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 49.