SSCP Exam: Host-Based Intrusion Detection Systems

Characteristics of a Host-Based Intrusion Detection System

Question

Which of the following is NOT a characteristic of a host-based intrusion detection system?

Answers

Explanations

A. B. C. D.

A.

"A HIDS does not consume large amounts of system resources" is the correct choice. HIDS can consume inordinate amounts of CPU and system resources in order to function effectively, especially during an event.

All the other answers are characteristics of HIDSes. A HIDS can: scrutinize event logs, critical system files, and other auditable system resources; look for unauthorized change or suspicious patterns of behavior or activity; and send alerts when unusual events are discovered.

Reference: Official guide to the CISSP CBK, pages 197 to 198.

Option A, "A HIDS does not consume large amounts of system resources," is not a characteristic of a host-based intrusion detection system (HIDS).

A HIDS is a security mechanism that monitors and analyzes activity on a single host or endpoint system to detect suspicious behavior, including attempts to exploit vulnerabilities, unauthorized access, and other types of intrusions.

Here are the characteristics of a HIDS:

B. A HIDS can analyze system logs, processes, and resources: HIDS can collect information from various sources on the host, such as system logs, system call traces, and network traffic, to analyze and detect potential intrusions.

C. A HIDS looks for unauthorized changes to the system: HIDS can monitor and detect changes to files, configurations, and other system resources that may indicate an intrusion attempt.

D. A HIDS can notify system administrators when unusual events are identified: HIDS can generate alerts, logs, and other notifications to inform system administrators of potential security breaches.

However, one of the limitations of HIDS is that it can consume a significant amount of system resources, as it needs to monitor and analyze various activities on the host. Therefore, option A is not a characteristic of HIDS.