Answer: D - A signature based NIDS is solely based on specific network traffic.
Key Takeaway: IDS primarily evaluates attacks based on attack signatures and audit trails. A signature-based intrusion detection system, or IDS, evaluates packets on the network and compares them to a database of known attacks for similarities to these known attacks. The issue that can occur with a signature-based IDS is the lag time between the exploits being released and the database being updated with the signature. An anomaly or behavior based IDS looks for behaviors different than expected based on the system’s configuration.
