312-50V10 · Question #67
Bob finished a C programming course and created a small C application to monitor the network traffic and produce alerts when any origin sends "many" IP packets, based on the average number of packets
The correct answer is A. Just a network monitoring tool. Although Bob's tool uses statistical averaging and thresholds, it does not qualify as an Intrusion Detection System (IDS) because it lacks the defining characteristic of one: detecting intrusions or attacks. It simply counts IP packets per origin and fires an alert when the count
Question
Bob finished a C programming course and created a small C application to monitor the network traffic and produce alerts when any origin sends "many" IP packets, based on the average number of packets sent by all origins and using some thresholds. In concept, the solution developed by Bob is actually:
Options
- AJust a network monitoring tool
- BA signature-based IDS
- CA hybrid IDS
- DA behavior-based IDS
How the community answered
(34 responses)- A85% (29)
- B3% (1)
- C9% (3)
- D3% (1)
Explanation
Although Bob's tool uses statistical averaging and thresholds, it does not qualify as an Intrusion Detection System (IDS) because it lacks the defining characteristic of one: detecting intrusions or attacks. It simply counts IP packets per origin and fires an alert when the count exceeds a derived threshold-that is traffic volume monitoring, not intrusion detection. A behavior-based (anomaly) IDS (D) establishes behavioral baselines and correlates deviations to known attack patterns or intrusion indicators. A signature-based IDS (B) matches traffic against a library of known attack signatures. Bob's tool does neither; it is a basic network monitoring utility with threshold alerting. While it could coincidentally catch a DDoS flood, its design intent and logic classify it as a monitoring tool, not an IDS.
Topics
Community Discussion
No community discussion yet for this question.