You are comparing host based IDS with network based ID. Which of the following will you consider
as an obvious disadvantage of host based IDS?

A.
It cannot analyze encrypted information.

B.
It is costly to remove.

C.
It is affected by switched networks.

D.
It is costly to manage.

Explanation:
Host-based IDSs are harder to manage, as information must be configured and managed for every
host monitored. Since at least the information sources (and sometimes part of the analysis engines)
for host-based IDSs reside on the host targeted by attacks, the IDS may be attacked and disabled as

part of the attack. Host-based IDSs are not well suited for detecting network scans or other such
surveillance that targets an entire network, because the IDS only sees those network packets
received by its host. Host-based IDSs can be disabled by certain denial-of-service attacks.