Which of the following is NOT a characteristic of a host-based intrusion detection system?

A.
A HIDS does not consume large amounts of system resources

B.
A HIDS can analyze system logs, processes and resources

C.
A HIDS looks for unauthorized changes to the system

D.
A HIDS can notify system administrators when unusual events are identified

Explanation:
HIDS constantly monitors the system. This can consume quite a few resources.
Incorrect Answers:
B: A HIDS might look at the state of a system, its stored information, whether in RAM, in the file system, log
files or elsewhere; and check that the contents of these appear as expected, e.g. have not been changed by
intruders.
C: HIDS detects unauthorized changes to the system.
D: When a HIDS detect an anomaly it typically alerts the system administrator of the intrusion.

https://en.wikipedia.org/wiki/Host-based_intrusion_detection_system