Which of the following is a core function of an Intrusion Detection System?

The core function of an Intrusion Detection System (IDS) is to monitor network traffic for suspicious activity. This involves examining data packets that traverse a network to identify patterns indicative of potential security breaches, such as unauthorized access attempts, malware propagation, or other malicious activities. By analyzing this data in real time, an IDS can alert administrators to intrusions or policy violations, enabling them to take appropriate action to mitigate threats.

In contrast, encrypting data is primarily a preventive measure used to protect confidentiality; it does not actively monitor for threats. Creating user accounts pertains to user management and administration, which is not a function of an IDS. Configuring firewalls involves setting up device rules to block or allow traffic based on security policies, but it does not involve the detection and alerting of potential intrusions as an IDS does. Thus, monitoring network traffic for suspicious activity is the option that describes the primary role of an Intrusion Detection System.
