An IDS can only detect an attack. It will respond after detecting an attack, and IDS responses can be either passive or active. If you’re planning to take the Security+ exam, you should have a basic understanding of appropriate tools and techniques to discover security threats and vulnerabilities.
The DHCP interception is for detecting devices entering the network (example: your home wifi).
This serves two purposes: 1: vulnerability scanning and 2: if one owns a subscription with free slots and a new device supporting one of our products is connecting into the network, we suggest installing protection on it.
The new setting - default OFF - is to use only the light detection on DHCP port. Previously more traffic was analyzed but we come up with this split into lighter (OFF) and heavier (ON) device detection - the latter being for certain users running custom DHCP server software on their machines.