Question 17
Domain 4 — Technology, Security, and Resilience ControlsWhat is the primary purpose of an Intrusion Detection System (IDS)?
Correct answer: B
Explanation
An Intrusion Detection System (IDS) is designed to monitor network or host activity and identify signs of unauthorized or suspicious behavior. Its primary function is to "detect and alert on suspicious activities," allowing administrators to investigate and respond quickly.
Why each option is right or wrong
A. To prevent all cyber attacks
B. To detect and alert on suspicious activities
An IDS is a monitoring control, not a blocking control: it inspects host or network events and generates alerts when it sees indicators of compromise or policy violations. In standard security architecture, its role is to identify suspicious activity and notify administrators for investigation, whereas prevention and automatic blocking are functions of an IPS.
C. To encrypt network traffic
D. To manage user passwords