IDS vs IPS:
AIDS prevents attacks; IPS only detects
BIDS alerts; IPS detects + blocks
CBoth are encryption protocols
DBoth manage user passwords
Answer & Solution
Correct answer: B. IDS alerts; IPS detects + blocks
1. IDS (Intrusion Detection System): passively MONITORS traffic and raises ALERTS when suspicious patterns are seen. Doesn't block.
2. IPS (Intrusion Prevention System): inline device that can DROP, RESET, or QUARANTINE traffic that matches malicious signatures.
3. DEPLOYMENT:
• IDS: out-of-band (on a SPAN/mirror port) — no risk of false positives blocking legit traffic.
• IPS: in-line — must be very accurate to avoid breaking legitimate sessions.
4. DETECTION methods: SIGNATURE-based (known attack patterns), ANOMALY-based (deviation from baseline), HYBRID.
5. Snort, Suricata, Zeek are common open-source examples.
_Source: NIST SP 800-94 (Intrusion Detection and Prevention) — referenced from CSF DE.CM._
Related questions
A SIEM (Security Information and Event Management) system primarilyA WEB APPLICATION FIREWALL (WAF) sits at which layer of the network?ARP SPOOFING (or ARP poisoning) lets an attacker on a LANWPA3 isA ZERO-TRUST network architecture is based on the principleDDoS (Distributed Denial of Service) differs from DoS in thatDNSSEC adds which security property to DNS?A MAN-IN-THE-MIDDLE (MITM) attack happens when