Which of the following is a feature of an intrusion detection system (IDS)?
Gathering evidence on attack attempts
Identifying weaknesses in the policy definition
Blocking access to particular sites on the Internet
Preventing certain users from accessing specific servers
An IDS can gather evidence on intrusive activity such as an attack or penetration attempt.
Identifying weaknesses in the policy definition is a limitation of an IDS. Choices C and D are
features of firewalls, while choice B requires a manual review, and therefore is outside the
functionality of an IDS.