Certified Chief Information Security Officer (CCISO) — Question 89
What is the primary difference between Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS)?
Answer options
- A. IPS identify potentially malicious traffic based on signature or behaviour and IDS does not
- B. An IPS examines network traffic flows to detect and actively stop exploits and attacks
- C. IDS are typically deployed behind the firewall and IPS are deployed in front of the firewall
- D. Only IDS is susceptible to false positives
Correct answer: B
Explanation
The correct answer is B because an IPS not only detects malicious traffic but also takes action to prevent it from entering the network. Options A and C misrepresent the functions and deployment locations of IDS and IPS, while option D incorrectly suggests that IDS are the only systems vulnerable to false positives, which can also occur in IPS.