Certified Information Systems Auditor (CISA) — Question 226
The GREATEST limitation of a network-based intrusion detection system (IDS) is that it:
Answer options
- A. provides only for active rather than passive IDS monitoring
- B. does not monitor for denial of service (DoS) attacks
- C. consumes excessive network resources for detection
- D. does not detect attacks originating on the server hosting the IDS
Correct answer: D
Explanation
The correct answer is D because a network-based IDS primarily monitors traffic flowing through the network and has no visibility into activity occurring on the host system itself. Options A, B, and C are less significant limitations because they concern specific functions rather than the core issue of server-originating attacks.