CISSP Question of the Day – 7-6-2016

Getting You Prepped for the CISSP Exam... One Question at a Time!

Today’s CISSP question topic: Network Security – IDS

Which of the following are things a network-based intrusion detection system (IDS) CANNOT do? (Choose 6)

  1. Inspect encrypted traffic for evidence of attack
  2. Detect illegal variations in protocol rules
  3. Compensate for weak passwords
  4. Detect TCP or ICMP-based denial of service attacks
  5. Filter malicious attachments from email messages
  6. Rate limit attack traffic to inhibit its effectiveness
  7. Detect malicious activity on local hosts
  8. Act as a log of evidence for a successful attack
  9. Remove need for human intervention
  10. Detect some zero-day exploits



Check Your Answer


  1. Inspect encrypted traffic for evidence of attack
  2. Compensate for weak password policy
  3. Filter malicious attachments from email messages
  4. Rate limit attack traffic to inhibit its effectiveness
  5. Detect malicious activity on local hosts
  6. Remove need for human intervention

Supporting Links:

  1. https://www.sans.org/reading-room/whitepapers/bestprac/defenses-zero-day-exploits-various-sized-organizations-35562
  2. https://en.wikipedia.org/wiki/Intrusion_detection_system


About the Author

Colin Weaver

Colin Weaver is co-owner and lead instructor at ITdojo, Inc., a network security and information assurance training center and consulting firm located in Virginia Beach, VA. His passion for technology, networks, and security has led him to become enthralled with the idea of IPv6 and its implementation. In this blog he will share with you glimpses of what he has learned and a hint at what you’ll learn in his classes.