IDS can be described in terms of what fundamental functional components?

A.
Response

B.
Information Sources

C.
Analysis

D.
All of the choices.

Explanation:
Many IDSs can be described in terms of three fundamental functional components:
Information Sources – the different sources of event information used to determine
whether an intrusion has taken place. These sources can be drawn from different levels
of the system, with network, host, and application monitoring most common.
Analysis – the part of intrusion detection systems that actually organizes and makes
sense of the events derived from the information sources, deciding when those events
indicate that intrusions are occurring or have already taken place. The most common
analysis approaches are misuse detection and anomaly detection.
Response – the set of actions that the system takes once it detects intrusions. These
are typically grouped into active and passive measures, with active measures involving
some automated intervention on the part of the system, and passive measures involving
reporting IDS findings to humans, who are then expected to take action based on those
reports.