GSLC Question #390: Real Exam Question with Answer & Explanation

The correct answer is B. Signature-based detection.

Question

An attacker makes an attempt against a Web server. The result is that the attack takes the form of URLs. These URLs search for a certain string that identifies an attack against the Web server. Which IDS/IPS detection method do the URLs use to detect and prevent an attack?

Options

  • A. Policy-based detection
  • B. Signature-based detection
  • C. Anomaly-based detection
  • D. Honey pot detection

Explanation

Matching specific URL strings against a database of known attack patterns is signature-based detection, the method that identifies attacks by recognizing predefined malicious signatures.

Common mistakes.

  • A. Policy-based detection defines what traffic is permitted or denied according to organizational security rules, not by matching specific strings against known attack patterns.
  • C. Anomaly-based detection establishes a baseline of normal behavior and flags statistical deviations from that baseline, rather than matching specific known attack strings in URLs.
  • D. A honeypot is a decoy system designed to lure attackers and observe their techniques - it is not an IDS/IPS detection method applied to live traffic inspection.

Concept tested. IDS/IPS signature-based detection method
