PrepAway - Latest Free Exam Questions & Answers


The fact that a network-based IDS reviews packet payloads and headers enables which of the following?


A. Detection of denial of service

B. Detection of all viruses

C. Detection of data corruption

D. Detection of all password guessing attacks

Explanation:
An Intrusion Detection System (IDS) is a system that is used to monitor network traffic or to monitor host audit
logs in order to determine if any violations of an organization’s security policy have taken place. An IDS can
detect intrusions that have circumvented or passed through a firewall or are occurring within the local area
network behind the firewall.
A network-based IDS usually provides reliable, real-time information without consuming network or host
resources. A network-based IDS is passive while it acquires data. Because a network-based IDS reviews
packets and headers, denial of service attacks can also be detected. Furthermore, because this IDS is
monitoring an attack in real time, it can also respond to an attack in progress to limit damage.
Incorrect Answers:
B: A network-based IDS does not detect viruses.
C: A network-based IDS does not detect data corruption.
D: A network-based IDS does not detect all password guessing attacks.

Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley
Publishing, Indianapolis, 2007, p. 71

