2.8. Exam Essentials
Understand the use of monitoring in relation to access controls.
Monitoring is used to hold subjects accountable for their actions and to detect abnormal or malicious activities.
Understand the need for intrusion detection systems (IDSs) and that they are only one component in a security policy.
An IDS is needed to automate the process of discovering anomalies in subject activity and system event logs. IDSs are primarily used to detect intrusions or attempted intrusions. An IDS alone will not secure a system. It must be used in conjunction with access controls, physical security, and maintaining secure systems on the network.
Know the limits of using host-based IDSs.
Host-based IDSs can monitor activity on a single system ...