PrepAway - Latest Free Exam Questions & Answers

Detection capabilities of Host-based ID systems are limited by the incompleteness of which of the
following?

A. Audit log capabilities

B. Event capture capabilities

C. Event triage capabilities

D. Audit notification capabilities

Explanation:
This is one of the weakest points of IDS systems installed on individual hosts. Much of the
malicious activity could be circulating through the network, and this kind of IDS usually has limited
logging capabilities that are local in nature. Any activity happening in the network could therefore go
unnoticed, and intrusions can't be tracked in as much depth as they could be with an enterprise IDS
solution providing centralized logging capabilities.

