A security team deploys a new Host-based Intrusion Detection System (HIDS) across all enterprise servers. During testing with a recently discovered exploit, alerts are generated on most servers as expected. However, one specific group of critical production servers fails to generate any alerts for the same test. A review confirms the HIDS service is running on the affected servers. Which of the following is the MOST likely cause for the detection failure on this specific group?
The operating system on the affected servers is incompatible with the HIDS agent.
The HIDS logging level on the affected servers is configured to suppress non-critical alerts.
A network access control list (ACL) is blocking the test traffic from reaching the affected servers.
The HIDS on the affected servers has not been updated with the latest threat signatures.
Host-based Intrusion Detection Systems (HIDS) primarily use signature-based and behavior-based detection. For them to be effective against new threats, their signature files and rule sets must be regularly updated. A common issue in large environments is a failed update process for a specific group of devices, often due to network segmentation, incorrect group policies, or manual configuration errors. This explains why the service is running but fails to detect a new exploit. While network ACLs, OS incompatibility, or incorrect logging levels could be potential issues, the MOST likely reason for a functioning HIDS to fail to detect a new exploit on a specific subset of systems is outdated detection logic.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is keeping detection modules updated so important?
Open an interactive chat with Bash
How do attack vectors differ from common threats?
Open an interactive chat with Bash
What challenges might arise when testing protective services in server groups?