Question about IDS
I had a question in a practice test that confused me a bit. I know CompTIA likes to throw weird wording in their tests and it gets me sometimes. Here is the question:
Which System would you install to provide protection and notification of security problems in a network connected to the Internet?
A. IDS
B. Network monitoring
C. Router
D. VPN
Now the answer is A. I did put A because I knew the others were definitely wrong. The problem I have is, IDS is not a "protection" system like it states in the question. From what I understand it is a detection system that notifies you of abnormal behavior / intrusions. The IPS is the "protection" system.
Is there a layer of protection on the IDS's that I just don't know about?
Thanks for the info in advance.
Comments
-
cyberguypr Mod Posts: 6,928
Well, IDS could be set as active response, where it will do some session disruption (see https://www.sans.org/security-resources/idfaq/active.php), but that's outside the scope of the question. Taking it at face value, remember that you need to choose the BEST answer. In some cases it means the one that sucks less. In this case that is IDS.
-
netsysllc Member Posts: 479
Poorly worded question on their part. You are correct that it would need to be an IPS to actually provide proactive protection. The IDS only alerts you and gives you reactive information to use.
-
IS3 Member Posts: 71
From what I understood:
IDS = Protects passively and notifies
IPS = Protects actively and notifies
They both "protect" because they're considered as security devices.
Just my thought...
-
TallDude7 Member Posts: 61
Those wacky questions, you have to use process of elimination. A is best out of the four.
-
T-RAV Member Posts: 22
> From what I understood:
> IDS = Protects passively and notifies
> IPS = Protects actively and notifies
> They both "protect" because they're considered as security devices.
> Just my thought...
Thanks for the reply. I see where you are coming from. To me being passive is not protecting, it is simply monitoring. I guess in terms of security it warns you so you can take actions to protect.
I hate to sound like I'm nitpicky. Not trying to be. I just wanted to make sure I fully understood the function of an IDS. I've just had a lot of questions that had IPS and IDS as an option to select and I would like to think if IPS was one of the options in the above question, it would have been the correct answer.
-
fuz1on Member Posts: 961
The question is really badly worded as host-based intrusion detection (HIDS) is an IDS and supports network monitoring. The keyword is system since network monitoring is just part of HIDS or NIDS - therefore, it must be IDS.
-
TechGuru80 Member Posts: 1,539
B and C are for routing traffic and seeing the traffic load on the network...not what we are looking for in this question.
D. VPNs are for remote connectivity via the Internet providing a secure channel from the client into the network but it is not something to alert us.
Generally you can use the process of elimination if you really aren't sure...for example in this question we can pretty easily eliminate 2 answers and with a little more focus remove a third answer.
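
Added example, not part of any post in this thread: a small Python model of the distinction the replies draw between a passive IDS, an IDS with active response, and an inline IPS. The signature, sample traffic and mode names are constructed for illustration, and the model simplifies active response to tearing down the session after the matching packet has already been delivered.

```python
import re
from dataclasses import dataclass, field

# Constructed signature: repeated parent-directory segments in a request line.
SIGNATURE = re.compile(rb"\.\./\.\./")

# Constructed sample traffic as (session id, payload) pairs.
SAMPLE_TRAFFIC = [
    ("s1", b"GET /index.html HTTP/1.1"),
    ("s2", b"GET /../../etc/passwd HTTP/1.1"),
    ("s2", b"GET /../../etc/shadow HTTP/1.1"),
    ("s3", b"GET /about.html HTTP/1.1"),
]

MODES = ("ids", "ids_active", "ips")  # hypothetical mode names


@dataclass
class Result:
    delivered: list = field(default_factory=list)  # packets that reached the target
    alerts: list = field(default_factory=list)     # notifications raised


def run_sensor(traffic, mode):
    """Replay traffic past a sensor and record what is delivered and alerted."""
    if mode not in MODES:
        raise ValueError(f"unknown mode: {mode}")
    result = Result()
    killed = set()  # sessions torn down by an earlier active response
    for session, payload in traffic:
        if session in killed:
            continue  # session no longer exists, nothing to see or deliver
        hit = SIGNATURE.search(payload) is not None
        if hit:
            result.alerts.append((session, payload))  # every mode notifies
        if hit and mode == "ips":
            continue  # inline sensor drops the packet before the target sees it
        result.delivered.append((session, payload))
        if hit and mode == "ids_active":
            killed.add(session)  # reactive: the matching packet already arrived
    return result


if __name__ == "__main__":
    for m in MODES:
        r = run_sensor(SAMPLE_TRAFFIC, m)
        print(f"{m:10} delivered={len(r.delivered)} alerts={len(r.alerts)}")
```

All three modes raise an alert on the first matching packet; only the inline mode keeps that packet from being delivered.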