352-001 Question #205: Real Exam Question with Answer & Explanation
The correct answer is C: baseline data. Anomaly-based intrusion detection requires a baseline of normal behavior as the reference point against which deviations are measured to identify potential attacks.
Question
What is required in order to perform attack detection using anomaly detection technologies?
Options
- A. packet captures
- B. exploit signatures
- C. baseline data
- D. syslog data
Explanation
Anomaly-based detection first profiles what "normal" looks like for the monitored environment (traffic volumes, connection rates, protocol mix, user and host activity) over a learning period, then flags observations that deviate significantly from that profile. The baseline is the one input the engine cannot operate without: with no reference for normal, there is no deviation to measure. This is also why anomaly detection can catch novel attacks that have no signature, and why it raises false positives when the baseline is incomplete, was captured while an attack was already under way, or has drifted as the environment changed.
Common mistakes.
- A. Packet captures can be one of the data sources an anomaly engine profiles, and they are the usual forensic artifact examined after an alert, but they are not the reference the engine compares against; the baseline is.
- B. Exploit signatures are the foundation of signature-based (misuse) detection, which matches traffic against known attack patterns. Anomaly detection needs no knowledge of specific attacks; it needs knowledge of normal behavior.
- D. Syslog data supplies event records for review and SIEM correlation and may feed a baseline, but the anomaly engine's core reference is the statistical profile of normal behavior derived from its inputs, not the raw log entries themselves.
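The contrast drawn in the explanation and in the notes on options A, B and D is easiest to see in code. The following is an added example, not part of the original page or any vendor product: it builds a per-host baseline from a constructed "normal" training window, then scores new observations as deviations from that baseline. The host addresses, connection counts and the z-score threshold are all constructed for illustration; no real traffic is involved.

```python
from statistics import mean, pstdev

# Constructed training window (not real data): outbound connections per minute
# for each internal host during a period assumed to contain no attacks.
# This is the "baseline data" the question asks about.
BASELINE_WINDOW = {
    "10.0.0.5": [12, 15, 11, 14, 13, 16, 12, 14],
    "10.0.0.9": [3, 4, 2, 3, 5, 3, 4, 3],
}

# Constructed observations to score against the baseline.
OBSERVATIONS = [
    {"host": "10.0.0.5", "minute": "09:00", "connections": 14},   # within normal range
    {"host": "10.0.0.5", "minute": "09:01", "connections": 140},  # ten-fold spike
    {"host": "10.0.0.9", "minute": "09:00", "connections": 4},    # within normal range
    {"host": "10.0.0.42", "minute": "09:00", "connections": 7},   # host with no baseline
]


def build_baseline(window):
    """Profile normal behaviour per host as (mean, population std dev) of the counts.
    This profile is the reference every later observation is measured against."""
    return {host: (mean(counts), pstdev(counts)) for host, counts in window.items()}


def zscore(value, mu, sigma):
    """Standardised deviation of an observation from its baseline.
    A flat baseline (sigma == 0) means any change at all is a deviation,
    so report it as infinite rather than dividing by zero."""
    if sigma == 0:
        return 0.0 if value == mu else float("inf")
    return (value - mu) / sigma


def detect_anomalies(observations, baseline, threshold=3.0):
    """Flag observations whose z-score exceeds the threshold.

    Hosts with no baseline cannot be scored and are reported separately:
    without a reference profile there is nothing to measure a deviation from.
    Returns (alerts, unprofiled_hosts).
    """
    alerts, unprofiled = [], []
    for obs in observations:
        ref = baseline.get(obs["host"])
        if ref is None:
            unprofiled.append(obs["host"])
            continue
        mu, sigma = ref
        z = zscore(obs["connections"], mu, sigma)
        if z > threshold:
            alerts.append({
                "host": obs["host"],
                "minute": obs["minute"],
                "observed": obs["connections"],
                "baseline_mean": round(mu, 2),
                "zscore": round(z, 2),
            })
    return alerts, unprofiled


def run_demo():
    """Build the baseline and score the constructed observations."""
    baseline = build_baseline(BASELINE_WINDOW)
    return detect_anomalies(OBSERVATIONS, baseline)


if __name__ == "__main__":
    alerts, unprofiled = run_demo()
    for a in alerts:
        print(f"ALERT {a['host']} {a['minute']}: {a['observed']} connections "
              f"(baseline mean {a['baseline_mean']}, z={a['zscore']})")
    for h in unprofiled:
        print(f"UNSCORED {h}: no baseline for this host")
```

Two points the example makes concrete. First, the spike on 10.0.0.5 is flagged without any exploit signature: nothing about the payload is inspected, only the departure from that host's own history. Second, 10.0.0.42 cannot be scored at all, which is the literal answer to the question: no baseline, no anomaly detection. In practice the training window must be taken from a period known to be clean, or the attacker's activity becomes part of "normal", and it must be refreshed as the environment changes so that legitimate growth does not generate a stream of false positives.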
Concept tested. Anomaly-based IDS baseline requirement for attack detection
Reference. https://csrc.nist.gov/publications/detail/sp/800-94/final