Certified Ethical Hacker (CEH) — Question 83
The use of alert thresholding in an IDS can reduce the volume of repeated alerts, but introduces which of the following vulnerabilities?
Answer options
- A. An attacker, working slowly enough, can evade detection by the IDS.
- B. Network packets are dropped if the volume exceeds the threshold.
- C. Thresholding interferes with the IDS’ ability to reassemble fragmented packets.
- D. The IDS will not distinguish among packets originating from different sources.
Correct answer: A
Explanation
The correct answer is A because alert thresholding allows an attacker who keeps activity below the threshold to go unnoticed. Options B, C, and D do not describe vulnerabilities introduced by thresholding: B concerns packet handling rather than detection evasion, C concerns packet reassembly, which alert thresholds do not directly affect, and D incorrectly implies that thresholding affects source differentiation.