What does HIDS do with detected intrusions?

Prepare for the DSAC Annex F Test with comprehensive flashcards and multiple choice questions. Access hints and explanations for each question to ensure you’re ready for your exam!

Multiple Choice

What does HIDS do with detected intrusions?

Explanation:
A host-based intrusion detection system (HIDS) monitors and logs activity on a single host and alerts when something looks suspicious. It keeps an audit trail of events such as unusual logins, unexpected changes to files, and odd process behavior, so the evidence needed for an investigation is preserved. When it detects a potential intrusion, it logs the event and notifies the designated authority or security team, typically by forwarding the alert to a SIEM, so that a response can begin quickly. Detection, logging, and alerting together are what make a HIDS valuable both for post-incident analysis and for ongoing protection.

The other options do not fit. Blocking all traffic from a source is the job of a firewall or an intrusion prevention system (IPS); a host-based detector observes and reports rather than enforcing. (Some HIDS products can be configured for limited active response, but that is an optional add-on, not the defining function.) Erasing logs would defeat the purpose of monitoring and forensics, and sending data to the cloud is at most a delivery mechanism for alerts, not the primary function of a HIDS.

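As an added illustration (not code from the original page, from any HIDS product, or from the exam material), the following Python sketch does the three things the explanation describes: it baselines a file's digest and re-checks it for unexpected changes, it scans authentication log lines for unusual logins, and it serializes the resulting alerts as JSON records of the kind a forwarder would ship to a SIEM. It never blocks traffic or alters anything it watches. The sshd log excerpt, the host name, the addresses, the thresholds and the function names are all assumptions constructed for this example; the "monitored file" is a throwaway temp file so the block runs offline.

```python
"""Toy host-based intrusion detection: integrity check + log scan + SIEM-style alerts.

Added illustration; not code from any HIDS product. Everything here runs offline:
the auth log excerpt is constructed, and the "monitored file" is a temp file.
"""
import hashlib
import json
import re
from collections import Counter
from pathlib import Path
from tempfile import TemporaryDirectory

# Constructed sshd log excerpt (hypothetical host, users and addresses; 203.0.113.0/24 is a documentation range).
SAMPLE_AUTH_LOG = """\
Mar  1 10:00:01 host sshd[101]: Accepted publickey for alice from 10.0.0.5 port 50000 ssh2
Mar  1 10:00:05 host sshd[102]: Failed password for root from 203.0.113.7 port 40001 ssh2
Mar  1 10:00:06 host sshd[103]: Failed password for root from 203.0.113.7 port 40002 ssh2
Mar  1 10:00:07 host sshd[104]: Failed password for invalid user admin from 203.0.113.7 port 40003 ssh2
Mar  1 10:00:09 host sshd[105]: Failed password for root from 203.0.113.7 port 40004 ssh2
Mar  1 10:00:10 host sshd[106]: Failed password for root from 203.0.113.7 port 40005 ssh2
Mar  1 10:00:30 host sshd[107]: Accepted password for root from 203.0.113.7 port 40006 ssh2
"""

FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+)")
ACCEPTED_RE = re.compile(r"Accepted \S+ for (\S+) from (\S+)")


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def baseline(paths) -> dict:
    """Snapshot of known-good digests, taken while the host is still trusted."""
    return {str(p): sha256_file(p) for p in paths}


def check_integrity(snapshot: dict) -> list:
    """Re-hash each baselined file and alert on change or removal. Detects only; never repairs."""
    alerts = []
    for path, expected in snapshot.items():
        p = Path(path)
        if not p.exists():
            alerts.append({"rule": "file_missing", "severity": "high", "path": path})
            continue
        observed = sha256_file(p)
        if observed != expected:
            alerts.append({"rule": "file_modified", "severity": "high", "path": path,
                           "expected": expected, "observed": observed})
    return alerts


def scan_auth_log(text: str, threshold: int = 5) -> list:
    """Stateful pass over auth log lines: brute force, then any success that follows it."""
    failures = Counter()
    alerts = []
    for line in text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            _user, src = m.groups()
            failures[src] += 1
            if failures[src] == threshold:  # fire once per source, not on every later failure
                alerts.append({"rule": "ssh_bruteforce", "severity": "medium",
                               "source": src, "failures": threshold, "evidence": line})
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            user, src = m.groups()
            if failures[src] >= threshold:
                alerts.append({"rule": "login_after_bruteforce", "severity": "high",
                               "user": user, "source": src, "evidence": line})
            elif user == "root":
                alerts.append({"rule": "root_login", "severity": "medium",
                               "user": user, "source": src, "evidence": line})
    return alerts


def to_siem_records(alerts: list, host: str = "host") -> list:
    """Serialize alerts as JSON lines, the shape a log forwarder would ship to a SIEM."""
    return [json.dumps({"host": host, **a}, sort_keys=True) for a in alerts]


def demo_integrity() -> list:
    """Baseline a throwaway config file, tamper with it, and re-check (simulated change)."""
    with TemporaryDirectory() as tmp:
        cfg = Path(tmp) / "sshd_config"
        cfg.write_text("PermitRootLogin no\n")
        snap = baseline([cfg])
        cfg.write_text("PermitRootLogin yes\n")  # simulated unauthorized modification
        return check_integrity(snap)


if __name__ == "__main__":
    for rec in to_siem_records(scan_auth_log(SAMPLE_AUTH_LOG) + demo_integrity()):
        print(rec)
```

Run as a script it prints three JSON records: a brute-force alert once the fifth failure from 203.0.113.7 is seen, a high-severity alert when the same source later logs in as root, and a file-modified alert carrying both digests. Each record keeps the raw log line as evidence, which is the audit-trail property the explanation stresses; nothing in the block touches the firewall, the file, or the original logs.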
