What does a Host-Based Intrusion Detection System (HIDS) do?

Prepare effectively for the DSAC Annex F Test. Utilize flashcards and multiple-choice questions featuring hints and explanations. Excel in your exam!

Multiple Choice

What does a Host-Based Intrusion Detection System (HIDS) do?

Explanation:
A Host-Based Intrusion Detection System focuses on the device it runs on, monitoring the host’s internal activity to spot signs of intrusion. It watches things like system logs, file changes, process behavior, and authentication events, looking for known attack patterns or unusual behavior. When something suspicious is detected, it logs evidence and sends an alert to the designated security authority so a response can be initiated. This host-level perspective is different from monitoring network traffic alone, which is what network-based IDS does, and from tools that encrypt data or block traffic by default, which don’t continuously monitor for intrusions on the host itself. So, monitoring the computer, logging activity, and notifying the appropriate response channel best captures what a HIDS does.
