The BEST way to determine if an anomaly-based intrusion detection system (IDS) is properly
installed is to:
A.
simulate an attack and review IDS performance.
B.
use a honeypot to check for unusual activity.
C.
audit the configuration of the IDS.
D.
benchmark the IDS against a peer site.
Explanation:
Simulating an attack on the network demonstrates whether the intrusion detection system (IDS) is
properly tuned. Reviewing the configuration may or may not reveal weaknesses since an anomalybased system uses trends to identify potential attacks. A honeypot is not a good first step since it
would need to have already been penetrated. Benchmarking against a peer site would generally
not be practical or useful.