A HIDS directly integrates with an endpoint or host and monitors activity on that system. It can evaluate logs, file changes, processes, authentication activity, configuration changes, and local indicators that may not be visible on the network. This makes it a last line of defense because it can detect suspicious activity after traffic has reached the host or when malicious activity occurs locally. A NIDS monitors traffic on a network segment rather than being installed on each individual endpoint. Answer A incorrectly describes network-based detection as endpoint-installed. Answer B is awkwardly worded and less precise than answer C. Answer D incorrectly assigns endpoint integration to NIDS. HIDS and NIDS are complementary. NIDS provides broad network visibility, while HIDS provides deep host-level visibility. Security teams use both types of telemetry to understand attack scope and confirm whether suspicious network behavior resulted in endpoint compromise. Reference/topics: Cybersecurity 1.4, IDS, HIDS, and NIDS; Endpoint Security 4.3, host-based controls.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit