ISACA Exam Questions

The BEST way to determine if an anomaly-based intrusion detection system (IDS) is properly installed is to:

A. simulate an attack and review IDS performance.

B. use a honeypot to check for unusual activity.

C. audit the configuration of the IDS.

D. benchmark the IDS against a peer site.

Explanation:

Simulating an attack on the network demonstrates whether the intrusion detection system (IDS) is properly tuned. Reviewing the configuration may or may not reveal weaknesses since an anomaly-based system uses trends to identify potential attacks. A honeypot is not a good first step since it would need to have already been penetrated. Benchmarking against a peer site would generally not be practical or useful.