Exam 200-201 topic 1 question 100 discussion

i think that "A.host-based intrusion detection". HIDS is capable of monitoring the internals of a computing system as well as the network packets on its network interfaces. Host-based firewall is a piece of software running on a single Host that can restrict incoming and outgoing Network activity for that host only.

"A" is correct. The question is copy and past of Wikipedia definition: An intrusion detection system (IDS)[1] is a device or software application that monitors a network or systems for malicious activity or policy violations. Any intrusion activity or violation is typically reported either to an administrator or collected centrally using a security information and event management (SIEM) system. A SIEM system combines outputs from multiple sources and uses alarm filtering techniques to distinguish malicious activity from false alarms. https://en.wikipedia.org/wiki/Intrusion_detection_system

The answer is A. Host-based intrusion detection (HIDS) is a security system that monitors a computer system for malicious activity or policy violations. HIDSs can be used to detect a variety of threats, including unauthorized access, malware, and data exfiltration. Systems-based sandboxing is a security technique that isolates applications in a controlled environment to prevent them from causing harm to the host system. Host-based firewall is a security system that controls incoming and outgoing network traffic on a host system. Antivirus is a software application that detects and removes malware from a computer system.

Keyword: "Monitors" - It is an IDS function. - An Intrusion Detection System (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violations. - A host based firewall does not monitor local system operations. A firewall is no more than an ACL matching traffic in and out of a system based on how it's configured.

A. is the best answer HIDS is capable of monitoring the internals of a computing system as well as the network packets on its network interfaces. Host-based firewall is a piece of software running on a single Host that can restrict incoming and outgoing Network activity for that host only.

A host intrusion detection system uses rules and policies in order to search your log files, flagging those with events or activity the rules have determined could be indicative of potentially malicious behavior.

Host-based firewall is a piece of software running on a single Host that can restrict incoming and outgoing Network activity for that host only.

Should be A imho, key word "monitors"

HIDS monitors local system, firewall not. Answer is A

Answer is A An intrusion detection system (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violations.

A host based firewall does not monitor local system operations. A firewall is no more than an ACL matching traffic in and out of a system based on how it's configured. A significant advantage of HIPS is that it can monitor operating system processes. "A HIPS often monitors memory, kernel, and network state, log files, ... protects system integrity by detecting changes to critical operating system files."

IDS Global detection, Firewall Local.. and i agree with the answer.. no doubt bro make it simple

It says security policies. In the firewall the concept of security policies is handled. I agree with the answer

The key word is "monitors". And it's IDS work.