Which IDS type monitors network traffic across the network rather than focusing on a single host?

Explore the EC-Council CEH Certification Test. Prepare with flashcards and questions, each with explanations and insights. Gear up for success!

Multiple Choice

Which IDS type monitors network traffic across the network rather than focusing on a single host?

Explanation:
Monitoring traffic across the network is the job of a network-based IDS. It sits at multiple points in the infrastructure or at the network perimeter and watches the data flowing between hosts, allowing it to detect suspicious activity that involves more than one machine. A host-based IDS, in contrast, runs on a single machine and analyzes that machine’s local events, logs, and system calls, not the broader traffic. The terms signature-based and anomaly-based describe how detections are made (matching known patterns or flagging deviations), and these methods can be used by either network- or host-based sensors, but they don’t define the scope of what is being monitored. So the option that best fits the description of network-wide traffic monitoring is the network-based IDS.

