A host-based intrusion detection system (IDS):
A)uses rules to analyze suspicious activity at the perimeter of a network or at key locations in the network.
B)resides on the server that is being monitored where it can detect whether critical or security-related files have been tampered with or whether a user has attempted to access files that he or she is not authorized to use.
C)can perform certain actions when an attack occurs,such as terminating network connections based on security policies.
D)consists of information system resources-firewalls,routers,Web servers,database servers,and files that look like production systems,but do no real work.

Question

Quizplus · Accepted Answer

A host-based IDS is installed on a specific server and monitors that server for suspicious activity, such as file tampering or unauthorized access. It differs from a network-based IDS, which monitors the network activity between different hosts. A host-based IDS can also take actions on the server, such as blocking the user or terminating connections.

A Host-Based Intrusion Detection System (IDS)