DSAC Annex F Practice Test 2026 - Free Annex F Practice Questions and Study Guide

A Host-Based Intrusion Detection System focuses on the device it runs on, monitoring the host’s internal activity to spot signs of intrusion. It watches things like system logs, file changes, process behavior, and authentication events, looking for known attack patterns or unusual behavior. When something suspicious is detected, it logs evidence and sends an alert to the designated security authority so a response can be initiated. This host-level perspective is different from monitoring network traffic alone, which is what network-based IDS does, and from tools that encrypt data or block traffic by default, which don’t continuously monitor for intrusions on the host itself. So, monitoring the computer, logging activity, and notifying the appropriate response channel best captures what a HIDS does.