Computer Hacking Forensic Investigator (CHFI) Practice Exam 2026 - Free CHFI Practice Questions and Comprehensive Study Guide

The correct choice is host-based intrusion detection. This system is specifically designed to monitor and analyze events occurring on an individual host or device, such as a computer or server. By focusing on a single host, it can track system logs, user activities, and file access events, enabling it to detect suspicious behavior or potential intrusions that might not be visible from a network perspective.

This approach is particularly effective in environments where sensitive data is housed on the host, allowing for real-time assessment of activities that may compromise that data. Host-based intrusion detection systems can also provide insight into system integrity and security policies, making them invaluable for organizations that need to maintain strict control over their internal environments.

Other options do serve useful purposes within broader security frameworks but do not focus exclusively on host activity. Network-based intrusion detection monitors traffic on the network level, log file monitoring reviews log files without detailed analysis of each event, and file integrity checking focuses on detecting changes to files rather than overall host activity. Each of these alternatives complements a security strategy but does not match the specific function of host-based intrusion detection.