nerdexam
F5

101 · Question #512

The use of attack signature within an intrusion Detection System (IDS) is an application of which security model?

The correct answer is C. Negative. Attack signatures in an IDS represent the negative security model, which blocks known-bad patterns while allowing all other traffic. This is the inverse of the positive model, which only allows known-good traffic.

Section 4: Security Basics

Question

The use of attack signature within an intrusion Detection System (IDS) is an application of which security model?

Options

  • APositive
  • BContext-based
  • CNegative
  • DRole-based

How the community answered

(24 responses)
  • B
    4% (1)
  • C
    96% (23)

Why each option

Attack signatures in an IDS represent the negative security model, which blocks known-bad patterns while allowing all other traffic. This is the inverse of the positive model, which only allows known-good traffic.

APositive

The positive security model defines explicitly allowed behavior (whitelist) and blocks everything else - the opposite of signature-based detection.

BContext-based

Context-based is not a standard IDS security model classification; it is sometimes used in firewall inspection terminology, not IDS taxonomy.

CNegativeCorrect

The negative security model (also called blacklist or signature-based model) works by identifying and blocking known malicious patterns or attack signatures. An IDS using signature matching exemplifies this model - it allows all traffic except what matches a known-bad signature database.

DRole-based

Role-based is an access control model (RBAC) that governs user permissions, not a security detection methodology for IDS.

Concept tested: IDS negative security model - signature-based detection

Source: https://csrc.nist.gov/publications/detail/sp/800-94/final

Topics

#IDS#attack signatures#negative security model#intrusion detection

Community Discussion

No community discussion yet for this question.

Full 101 Practice