CCSP Exam Prep | HIDS Monitoring: What's Not Included?

Which is NOT Monitored by HIDS?

Question

Which of the following is NOT something that an HIDS will monitor?

Answers

Explanations

A. Configurations
B. User logins
C. Critical system files
D. Network traffic

B.

A host intrusion detection system (HIDS) monitors network traffic as well as critical system files and configurations.

An HIDS (Host-based Intrusion Detection System) is a security tool that monitors the activity on a single host or endpoint, looking for any signs of intrusion or unauthorized access. The purpose of an HIDS is to identify any potential security breaches or attacks that may occur on the host machine.

Here's a breakdown of the answer choices:

A. Configurations: An HIDS will monitor configurations on a host machine to identify any unauthorized changes that may be made. This includes system settings, file permissions, and other parameters that could affect the security of the system.

B. User logins: An HIDS will monitor user logins to detect any suspicious login activity. This includes failed login attempts, multiple logins from the same user, and logins outside of normal business hours.

C. Critical system files: An HIDS will monitor critical system files to detect any changes or modifications that may be made. This includes system files, configuration files, and application files.

D. Network traffic: This is the answer that is NOT something that an HIDS will monitor. Unlike a network-based intrusion detection system (NIDS), which monitors network traffic for suspicious activity, an HIDS monitors only activity on the host machine itself.

In summary, an HIDS will monitor configurations, user logins, and critical system files, but it will NOT monitor network traffic.