PrepAway - Latest Free Exam Questions & Answers

Detection capabilities of Host-based ID systems are limited by the incompleteness of which of the following?

A. Audit log capabilities

B. Event capture capabilities

C. Event triage capabilities

D. Audit notification capabilities

Explanation:
This is one of the weakest points of IDS systems installed on individual hosts.
Much of the malicious activity could be circulating through the network, and this kind of IDS
usually has limited logging capabilities that are local in nature. As a result, any activity happening in the
network could go unnoticed, and intrusions can't be tracked in as much depth as they could be with an
enterprise IDS solution providing centralized logging capabilities.
