(ISC)2 CSSLP · Question #209
CSSLP Question #209: Real Exam Question with Answer & Explanation
The correct answer is C: Anomaly-based.
Secure Software Deployment, Operations, Maintenance
Question
Which of the following intrusion detection systems (IDS) monitors network traffic and compares it against an established baseline?
Options
- A. File-based
- B. Network-based
- C. Anomaly-based
- D. Signature-based
Explanation
Anomaly-based intrusion detection systems (IDS) identify suspicious activity by monitoring network traffic and comparing it to a predefined baseline of normal behavior; traffic that deviates significantly from that baseline is flagged. Because detection does not depend on a known signature, this approach can surface previously unseen attacks, at the cost of a higher false-positive rate and a dependence on the quality of the learned baseline.
Common mistakes
- A. File-based IDS (a form of host-based IDS, or HIDS) primarily monitors system files, logs, and processes on a single host; it does not compare network traffic against a baseline.
- B. Network-based IDS (NIDS) is a category that monitors network traffic, but it can be either anomaly-based or signature-based; it's not the specific method of comparing against a baseline.
- D. Signature-based IDS detects intrusions by comparing network traffic patterns against a database of known attack signatures, not against an established baseline of normal activity.
Concept tested: Intrusion Detection System (IDS) types
Reference: https://learn.microsoft.com/en-us/azure/security-center/adaptive-network-hardening
Topics
#IDS #Anomaly-based IDS #Network Security #Monitoring