When performing the daily review of the system vulnerability scans of the network Joe, the administrator,
noticed several security related vulnerabilities with an assigned vulnerability identification number. Joe
researches the assigned vulnerability identification number from the vendor website. Joe proceeds with
applying the recommended solution for identified vulnerability.
Which of the following is the type of vulnerability described?
A.
Network based
B.
IDS
C.
Signature based
D.
Host based
Explanation:
A signature-based monitoring or detection method relies on a database of signatures or patterns of known
malicious or unwanted activity. The strength of a signature-based system is that it can quickly and accurately
detect any event from its database of signatures.Incorrect Answers:
A: A network-based IDS (NIDS) watches network traffic in real time. It’s reliable for detecting network-focused
attacks, such as bandwidth-based DoS attacks.
B: An intrusion detection system (IDS) is an automated system that either watches activity in real time or
reviews the contents of audit logs in order to detect intrusions or security policy violations.
C: A host-based IDS (HIDS) watches the audit trails and log files of a host system. It’s reliable for detecting
attacks directed against a host, whether they originate from an external source or are being perpetrated by a
user locally logged in to the host.Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 21