You are comparing host based IDS with network based ID. Which of the following will you consider
as an obvious disadvantage of host based IDS?

A.
It cannot analyze encrypted information.

B.
It is costly to remove.

C.
It is affected by switched networks.

D.
It is costly to manage.

Explanation:
Host-based IDSs are harder to manage, as information must be configured and managed for
every host monitored. Since at least the information sources (and sometimes part of the
analysis engines) for host-based IDSs reside on the host targeted by attacks, the IDS
may be attacked and disabled as part of the attack.
Host-based IDSs are not well suited for detecting network scans or other such
surveillance that targets an entire network, because the IDS only sees those network
packets received by its host. Host-based IDSs can be disabled by certain
denial-of-service attacks.