» Host IDS (HIDS): This type of IDS operates on a single host and monitors only
*network traffic* that flows into and out of that host. In addition to monitoring a
host’s network traffic, HIDS are often able to monitor *critical configurations*
and *files* on a host and can be configured to alert on suspicious modifications.
Similar to other host-based security controls, HIDS are prone to compromise
if an attacker gains root-level access on that host. To combat this, HIDS logs
should immediately be sent to a remote system (like your centrally managed
SIEM), and HIDS configurations and settings should be locked down and
managed on a remote system.
Consider installing a HIDS on your baseline images for your highly sensitive
systems. Configure the HIDS to communicate with your SIEM or other
centrally managed alerting dashboard. You can then deploy and manage
those distributed HIDS in one fell swoop.
Network traffic. Host-based Intrusion Detection Systems (HIDS) monitor configurations, user logins, and critical system files, but they don't typically monitor network traffic—that's the realm of Network-based Intrusion Detection Systems (NIDS).
An HIDS (Host-based Intrusion Detection System) monitors activities on a specific host or device, such as configurations, user logins, and critical system files. It does not typically monitor network traffic, which is the role of a Network-based Intrusion Detection System (NIDS).
Host-based Intrusion Detection System [HIDS] focuses on monitoring & protecting individual hosts or devices within a network. Network-based Intrusion Detection System [NIDS] concentrates on monitoring network traffic to identify suspicious patterns & potential threats across the entire network.
An HIDS primarily focuses on monitoring and analyzing activities occurring within the host or system itself. This includes monitoring configurations, user logins, critical system files, file integrity, process activity, and other host-specific events. The purpose of an HIDS is to detect suspicious or unauthorized activities on the host and raise alerts or take action accordingly.
While network traffic is crucial for overall security monitoring, it falls under the purview of network-based monitoring systems rather than host-based systems like HIDS.
D. Network traffic
An HIDS (Host-based Intrusion Detection System) is designed to monitor and protect individual systems within a network by analyzing activities and events occurring on the host itself. It typically monitors configurations, user logins, and critical system files, among other things, to detect potential security threats or unauthorized activities.
A is the answer
host-based IDS, you gain granular visibility into the systems and services you’re running so you can easily detect:
System compromises
Privileged escalations
Installation of unwanted applications
Modification of critical application binaries, data, and configuration files (e.g. registry settings, /etc/passwd)
Rogue processes
Critical services that have been stopped, or that failed to start
User access to systems
Host IDS (HIDS): This type of IDS operates on a single host and monitors only network traffic that flows into and out of that host. In addition to monitoring a host’s network traffic, HIDS are often able to monitor critical configurations and files on a host and can be configured to alert on suspicious modifications.
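The file and configuration monitoring described in the comments above, as an added example that is not part of the thread or of any HIDS product: the host takes a snapshot of watched files, and the comparison is meant to run where the baseline is kept, off the host. The file names and contents are constructed, and `snapshot`, `compare` and `demo` are hypothetical names.

```python
import hashlib, json, os, stat, tempfile

def snapshot(paths):
    """Host side: record hash, permission bits and owner of each watched file."""
    snap = {}
    for p in paths:
        try:
            st = os.stat(p)
            with open(p, "rb") as f:
                digest = hashlib.sha256(f.read()).hexdigest()
            snap[p] = {"sha256": digest, "mode": oct(stat.S_IMODE(st.st_mode)), "uid": st.st_uid}
        except FileNotFoundError:
            snap[p] = None  # a watched file that vanished is an event in itself
    return snap

def compare(baseline, current):
    """Central side: diff a host snapshot against the baseline stored off-host."""
    alerts = []
    for path, old in baseline.items():
        new = current.get(path)
        if old is None or new is None:
            if old is not new:
                alerts.append({"path": path, "event": "missing" if new is None else "created"})
            continue
        for field in ("sha256", "mode", "uid"):
            if old[field] != new[field]:
                alerts.append({"path": path, "event": field + "_changed",
                               "old": old[field], "new": new[field]})
    for path in current.keys() - baseline.keys():
        alerts.append({"path": path, "event": "unbaselined"})
    return alerts

def demo():
    """Build constructed sample files, baseline them, change them, return the alerts."""
    with tempfile.TemporaryDirectory() as d:
        files = {n: os.path.join(d, n) for n in ("passwd", "sshd_config", "app.conf")}
        for p in files.values():
            with open(p, "w") as f:
                f.write("constructed sample content\n")
            os.chmod(p, 0o644)
        baseline = snapshot(files.values())      # would be stored on the remote system
        with open(files["passwd"], "a") as f:    # content change
            f.write("# modified after baseline\n")
        os.chmod(files["sshd_config"], 0o666)    # permission change only
        os.remove(files["app.conf"])             # deletion
        return compare(baseline, snapshot(files.values()))

if __name__ == "__main__":
    for alert in demo():
        print(json.dumps(alert))  # one JSON record per line, ready to forward
```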