Comptia Network+ Mike Meyers

I am working on my Network +.
So I’m using Mike Meyers and Jason Dion’s video training. At the same time, I am also reading Mike Meyerss’ book. There is a question in the book with an answer at the end of the chapter.

The question:
10. Which of the following statements best applies to an IDS?

A. An IDS inspects a copy of all traffic in a network and can respond to detected intrusions with actions.
B. An IDS inspects all traffic as it enters a network and can respond to detected intrusions with actions.
C. An IDS inspects a copy of all traffic in a network and reports intrusions to a configured user account.
D. An IDS inspects all traffic as it enters a network and reports intrusions to a configured user account.

I thought the answer was answer D.
But according to the book, the answer is A.
I don’t quite understand that.
If we look at answer A, I thought you needed an IPS to respond.

I too think it should be D. my understanding is that IPS addresses the threat by taking preventative action(s), whereas IDS monitors and prompts a predefined admin/user to take action.
If anything, it should be between C and D. I can’t recall exactly where I heard/read in A+ but I think it said that IDS doesn’t directly sit in the path of the traffic like a firewall, so it sees a copy of traffic. I’ll need to go back and find out.

1 Like

So I’ve been reading up on Mike Meyer’s book. It does say that IDS gets copies of network traffic. It can alert an administrator and even automatically tell a firewall to block traffic based on what it observes. I guess since it is capable of alerting the admin and also intervening via the firewall, “A” suddenly seems plausible. Typical CompTIA trickery…

1 Like

Yes you think you understand something. And then there is such a question. But what I was also thinking about. Is he talking about an active IDS by chance? But thanks for your answer!

1 Like

Some conflicting info around. According to the following and others, IDS does nothing to prevent attacks (only logs events or sends alerts).

Re active/passive, seems like active IDS is just another way to refer to IPS. I’m back to square one. My solution: cross your fingers you don’t see this question on exam day :laughing:

1 Like

Yup that’s the best solution. :crossed_fingers:t2:

I asked Mike the question in a AMA and answer A is a IPS!

1 Like

Cool! You must be the Edwin he’s referred to a few times in his AMA’s. I can’t attend live as based in a totally different timezone but have subscribed and view the recordings. Very educational.

1 tip 2 words
Professor Messer
Search for him on Youtube:p
Thank me later :slight_smile:

1 Like

I use his resources religiously :blush:

1 Like