Which two statements are true about IDS Signatures? (Choose two.)

Which two statements are true about IDS Signatures? (Choose two.)
A . Users can upload their own IDS signature definitions.
B . An IDS signature contains data used to identify known exploits and vulnerabilities.
C . An IDS signature contains data used to identify the creator of known exploits and vulnerabilities.
D . IDS signatures can be High Risk, Suspicious, Low Risk and Trustworthy.
E . An IDS signature contains a set of instructions that determine which traffic is analyzed.

View Answer

Answer: BE

Explanation:

According to the Network Bachelor article1, an IDS signature contains data used to identify an attacker’s attempt to exploit a known vulnerability in both the operating system and applications. This implies that statement B is true. According to the VMware NSX Documentation2, IDS/IPS Profiles are used to group signatures, which can then be applied to select applications and traffic. This implies that statement E is true. Statement A is false because users cannot upload their own IDS signature definitions, they have to use the ones provided by VMware or Trustwave3. Statement C is false because an IDS signature does not contain data used to identify the creator of known exploits and vulnerabilities, only the exploits and vulnerabilities themselves. Statement D is false because IDS signatures are classified into one of the following severity categories: Critical, High, Medium, Low, or Informational1.

Reference: 3: Distributed IDS/IPS Settings and Signatures – VMware Docs 2: Distributed IDS/IPS –

VMware Docs 1: NSX-T: Exploring Distributed IDS – Network Bachelor