Exam SSCP topic 3 question 24 discussion

Actual exam question from ISC's SSCP
Question #: 24
Topic #: 3

Which one of the following statements about the advantages and disadvantages of network-based intrusion detection systems is true?

  • A. Network-based IDSs are not vulnerable to attacks.
  • B. Network-based IDSs are well suited for modern switch-based networks.
  • C. Most network-based IDSs can automatically indicate whether or not an attack was successful.
  • D. The deployment of network-based IDSs has little impact upon an existing network.
Suggested Answer: D
Network-based IDSs are usually passive devices that listen on a network wire without interfering with the normal operation of a network. Thus, it is usually easy to retrofit a network to include network-based IDSs with minimal effort.
"Network-based IDSs are not vulnerable to attacks" is not true: even though network-based IDSs can be made very secure against attack, and even made invisible to many attackers, they still have to read the packets, and sometimes a well-crafted packet might exploit or kill your capture engine.
"Network-based IDSs are well suited for modern switch-based networks" is not true, as most switches do not provide universal monitoring ports, and this limits the monitoring range of a network-based IDS sensor to a single host. Even when switches provide such monitoring ports, often the single port cannot mirror all traffic traversing the switch.
"Most network-based IDSs can automatically indicate whether or not an attack was successful" is not true, as most network-based IDSs cannot tell whether or not an attack was successful; they can only discern that an attack was initiated. This means that after a network-based IDS detects an attack, administrators must manually investigate each attacked host to determine whether it was indeed penetrated.
Reference:
NIST Special Publication 800-31, Intrusion Detection System, pages 15-16
Official Guide to the CISSP CBK, pages 196 to 197

Comments

formazionehs
3 months, 3 weeks ago
D is correct
upvoted 1 times
Rongupta
1 year, 11 months ago
It's D. "Most network-based IDSs can automatically indicate whether or not an attack was successful" is not true, as most network-based IDSs cannot tell whether or not an attack was successful; they can only discern that an attack was initiated.
upvoted 1 times
petebest
2 years, 4 months ago
Based on the text, correct answer is C
upvoted 1 times
catastrophie
1 year, 4 months ago
End-Point security devices such as IDS running on an end-user PC would be able to tell if an attack was successful or not. D is the correct answer.
upvoted 3 times