Which of the following is a limitation of intrusion detection systems?

Attackers continually evolve, and that creates a fundamental limitation for intrusion detection systems. Even when signatures are updated and new detection methods are developed, clever adversaries find ways to bypass them—through novel attack techniques, obfuscated payloads, encrypted or low-and-slow traffic, or exploiting unknown vulnerabilities. Because IDS often rely on known signatures or established baselines of normal behavior, there will always be methods that slip through until detection models are updated, making zero-day and sophisticated evasion a persistent challenge. The other ideas describe activities that are part of maintaining or improving IDS or are simply inaccurate (for example, logging is a normal capability, and IDS is not immune to false positives).