Computer Hacking Forensic Investigator (CHFI) — Question 2
Which Intrusion Detection System (IDS) usually produces the most false alarms due to the unpredictable behaviors of users and networks?
Answer options
- A. network-based IDS systems (NIDS)
- B. host-based IDS systems (HIDS)
- C. anomaly detection
- D. signature recognition
Correct answer: C
Explanation
Anomaly detection (also called behaviour-based or statistical detection) builds a baseline of what is "normal" for users, hosts and network traffic, then raises an alert whenever observed activity deviates from that baseline by more than a threshold. Because legitimate activity is itself unpredictable (a user launching a bulk file transfer, a backup job, a new application rollout, a traffic spike after a product launch), many of those deviations are benign, so anomaly-based engines are the ones that typically generate the most false alarms and need the most tuning. Signature recognition (misuse detection) instead compares events against a database of known attack patterns; it produces comparatively few false positives but cannot detect attacks for which no signature exists. NIDS and HIDS (options A and B) describe where the sensor is deployed, on the network or on an individual host, not how detection is performed; either type can use signature recognition, anomaly detection, or both, so they are not the answer to a question about the detection method that causes the most false alarms.
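The trade-off described in the explanation, as an added worked example that is not part of the original question page: a toy anomaly detector (baseline mean plus k standard deviations over a training window) and a toy signature matcher are run over a constructed window of per-minute activity for one host. The log data, the signature list and the ground-truth labels are all invented for the illustration; the point is that the anomaly engine catches the novel attack that has no signature but also fires on a legitimate, unusual user action, while the signature engine is quiet on the benign burst and blind to the novel attack.

```python
"""Anomaly detection vs. signature recognition: a minimal illustration.

All data below is constructed for the example (not real traffic): per-minute
outbound connection counts for one workstation, a short sample of the request
seen in that minute, and a ground-truth label used only for scoring.
"""
import statistics
from dataclasses import dataclass


@dataclass
class Minute:
    t: int          # minute index in the detection window
    conns: int      # outbound connections observed in that minute
    payload: str    # constructed request sample, fed to the signature matcher
    truth: str      # ground truth for scoring: "benign" or "attack"


# Training window: ordinary office activity, used to learn the baseline.
TRAINING = [12, 15, 9, 14, 11, 13, 10, 16, 12, 14]

# Constructed detection window. Minute 3 is a legitimate but unusual event
# (the user starts a large cloud sync); minute 5 is a novel attack whose
# traffic matches no known signature; minute 7 carries a known exploit
# string at a perfectly normal traffic volume.
WINDOW = [
    Minute(1, 13, "GET /index.html", "benign"),
    Minute(2, 11, "GET /about", "benign"),
    Minute(3, 140, "PUT /sync/chunk", "benign"),              # unpredictable user behaviour
    Minute(4, 12, "GET /news", "benign"),
    Minute(5, 95, "POST /api/beacon", "attack"),              # novel beaconing, no signature
    Minute(6, 14, "GET /mail", "benign"),
    Minute(7, 13, "GET /cgi-bin/test.cgi?cmd=;id", "attack"),  # known pattern, normal volume
]

# Hypothetical signature database: substrings of known-bad requests.
SIGNATURES = ["?cmd=;", "/etc/passwd", "UNION SELECT"]


def baseline(samples, k=3.0):
    """Learn a threshold from benign samples: mean + k * population stdev."""
    mean = statistics.mean(samples)
    sd = statistics.pstdev(samples)
    return mean, mean + k * sd


def anomaly_alerts(window, threshold):
    """Anomaly detection: alert on any minute whose volume exceeds the baseline threshold."""
    return [m.t for m in window if m.conns > threshold]


def signature_alerts(window, signatures):
    """Signature recognition: alert only when a known-bad pattern appears in the payload."""
    return [m.t for m in window if any(sig in m.payload for sig in signatures)]


def score(alerts, window):
    """Split alerts into true positives, false positives and missed attacks."""
    truth = {m.t: m.truth for m in window}
    return {
        "tp": [t for t in alerts if truth[t] == "attack"],
        "fp": [t for t in alerts if truth[t] == "benign"],
        "missed": [m.t for m in window if m.truth == "attack" and m.t not in alerts],
    }


def compare():
    """Run both detectors over the same window and return their scores."""
    _, threshold = baseline(TRAINING)
    return {
        "threshold": round(threshold, 2),
        "anomaly": score(anomaly_alerts(WINDOW, threshold), WINDOW),
        "signature": score(signature_alerts(WINDOW, SIGNATURES), WINDOW),
    }


if __name__ == "__main__":
    for engine, result in compare().items():
        print(f"{engine}: {result}")
```

With the constructed numbers the learned threshold is about 18.9 connections per minute, so the anomaly engine alerts on minutes 3 and 5: one true positive (the unsignatured beaconing) and one false positive (the user's cloud sync), while it misses minute 7 because the volume there is normal. The signature engine alerts only on minute 7, with no false positives but no way to see the novel attack. Raising k reduces the false alarms and also widens the blind spot; this tuning burden is exactly why anomaly-based detection is the option associated with the most false alarms.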