PrepAway - Latest Free Exam Questions & Answers

Host-based IDSs normally utilize information from which of the following sources?

A. Operating system audit trails and system logs.

B. Operating system audit trails and network packets.

C. Network packets and system logs.

D. Operating system alarms and system logs.

Explanation:
Host-based IDSs normally utilize information sources of two types: operating system
audit trails and system logs. Operating system audit trails are usually generated at
the innermost (kernel) level of the operating system, and are therefore more detailed
and better protected than system logs. However, system logs are much less obtuse and
much smaller than audit trails, and are furthermore far easier to comprehend. Some
host-based IDSs are designed to support a centralized IDS management and reporting
infrastructure that can allow a single management console to track many hosts. Others
generate messages in formats that are compatible with network management systems.
