Cisco Cybersecurity Operations Fundamentals: Understanding Discrepancies in Attack Mitigation

Reason for Discrepancy: Lack of Mitigation Action during Successful Attack

Question

An analyst received an alert on their desktop computer showing that an attack was successful on the host.

After investigating, the analyst discovered that no mitigation action occurred during the attack.

What is the reason for this discrepancy?

Answers

Explanations

C.

The discrepancy between the successful attack alert and the absence of any mitigation action suggests that the computer has an intrusion detection system (IDS) installed but not an intrusion prevention system (IPS).

An IDS is a security tool that monitors network traffic or system activity for suspicious behavior and generates alerts when it detects such activity. It is designed to detect an ongoing attack or potential intrusion and alert analysts to it. However, it does not take any action to prevent or stop the attack from progressing. Instead, it provides information to the analyst so that they can take mitigation actions themselves.

On the other hand, an IPS is a security tool that performs all the functions of an IDS, but in addition, it can take actions to prevent attacks. It can block or drop malicious traffic, terminate connections, or reconfigure security settings to mitigate the attack. In this scenario, the absence of mitigation action suggests that the computer does not have an IPS installed.

Based on the answer choices provided, the correct answer narrows to C or D. C refers to a host-based intrusion detection system (HIDS), which is an IDS installed on the host (the computer) itself, whereas D refers to a network-based intrusion detection system (NIDS), which is an IDS that monitors network traffic. Both HIDS and NIDS only detect and alert on suspicious activity; neither takes any action to prevent the attack. Since the alert in this scenario reported an attack on the analyst's own desktop (the host), the host-based option, C, matches the scenario.

To summarize, the discrepancy between the successful attack alert and the absence of mitigation action suggests that the computer has an IDS installed, but not an IPS.