Real-Time Network Traffic and Host Audit Log Monitoring

A.

An Intrusion Detection System (IDS) is a system that is used to monitor network traffic or to monitor host audit logs in order to determine if any violations of an organization's system security policy have taken place.

Source: KRUTZ, Ronald L.

& VINES, Russel.

D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 48.

The answer to the question is A. Intrusion Detection System (IDS).

An Intrusion Detection System (IDS) is a security technology that monitors network traffic or host audit logs in real-time to identify security policy violations that have taken place. IDS can detect a wide range of attacks, including unauthorized access attempts, port scans, malware infections, and data exfiltration attempts.

IDS can operate in two different modes: signature-based detection and anomaly-based detection. Signature-based detection relies on a database of known attack patterns or signatures to detect malicious activities. Anomaly-based detection, on the other hand, learns the baseline behavior of the network or host and alerts administrators when it detects any abnormal or suspicious behavior.

An IDS can be either network-based or host-based. Network-based IDS is deployed at strategic points within the network to monitor traffic and detect attacks in real-time. Host-based IDS is installed on individual hosts and monitors the activities on the host to detect any malicious activities.

In summary, an Intrusion Detection System (IDS) is used to monitor network traffic or host audit logs in real-time to detect security policy violations that have taken place. IDS can detect various types of attacks, operates in two modes (signature-based and anomaly-based), and can be network-based or host-based.