

PCCET Question #230: Real Exam Question with Answer & Explanation


Submitted by carlos_mx · Apr 18, 2026 · Cybersecurity Foundations

Question

What differentiates knowledge-based systems from behavior-based systems?

Options

  • A. Behavior-based systems find the data that knowledge-based systems store.
  • B. Knowledge-based systems pull from a previously stored database that distinguishes "bad".
  • C. Knowledge-based systems try to find new, distinct traits to find "bad" things.
  • D. Behavior-based systems pull from a previously stored database that distinguishes "bad".

Explanation

Option B is correct because knowledge-based systems (also called signature-based systems) compare observed activity against a pre-built database of known malicious signatures or patterns. They recognize "bad" only if a matching entry already exists in that stored reference, so an attack for which no signature has been written yet passes through undetected.

Why the distractors are wrong:

  • A is incorrect because behavior-based systems do not serve as data collectors for knowledge-based systems; they are independent detection approaches.
  • C describes the opposite system - finding new, unknown traits is the job of behavior-based (anomaly-based) systems, not knowledge-based ones.
  • D swaps the definitions: it correctly describes the mechanism (pulling from a stored database) but assigns it to the wrong system type. That mechanism belongs to knowledge-based, not behavior-based.

Memory tip: link "Knowledge = Known = Database"; if you already know something is bad, it is stored knowledge. Behavior-based systems, by contrast, first learn a baseline of normal activity and then flag deviations from it, which is why they can catch zero-day threats that have no signature yet. The trade-off is that unusual but legitimate activity also deviates from the baseline, so behavior-based systems produce more false positives and need tuning and a representative training window.
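To make the distinction concrete, here is an added example (not from the exam page or from Palo Alto Networks) that runs both approaches over constructed web-server access-log entries. The signature set, the IP addresses, the paths and the z-score threshold are all illustrative assumptions. The knowledge-based detector matches each request against a stored database of known-bad patterns; the behavior-based detector learns a per-client request-count baseline from a training window and flags clients whose count is an outlier. The test traffic contains one client sending a single SQL-injection request (caught only by the signature database), one noisy scanner hitting paths no signature knows about (caught only by the baseline), and one busy but legitimate client that the baseline flags as a false positive, which is the caveat above in working form.

```python
"""Knowledge-based (signature) vs behavior-based (anomaly) detection.

Added example for the PCCET question above; not the page's or vendor's code.
All log entries, signatures and thresholds are constructed for illustration.
"""
import re
import statistics
from collections import Counter

# Constructed training window: (client IP, request path). Five ordinary
# clients with slightly different request counts (3, 4, 5, 4, 4).
TRAINING_LOG = (
    [("10.0.0.1", "/index.html")] * 3
    + [("10.0.0.2", "/index.html")] * 4
    + [("10.0.0.3", "/about")] * 5
    + [("10.0.0.4", "/contact")] * 4
    + [("10.0.0.5", "/index.html")] * 4
)

# Constructed test window with four kinds of client.
TEST_LOG = (
    [("10.0.0.1", "/index.html")] * 4                      # normal client
    + [("10.0.0.6", "/index.html")] * 6                    # busy but legitimate client
    + [("198.51.100.7", "/search?q=' OR '1'='1")]          # one request matching a known signature
    + [("203.0.113.9", f"/probe/{i}") for i in range(20)]  # scanner with no matching signature
)

# Knowledge-based: the "previously stored database that distinguishes bad".
# Assumed, hand-written signatures; a real IPS ships thousands of these.
SIGNATURES = {
    "path_traversal": re.compile(r"\.\./"),
    "sqli_tautology": re.compile(r"'\s*or\s*'1'\s*=\s*'1", re.IGNORECASE),
    "xss_script_tag": re.compile(r"<script", re.IGNORECASE),
}


def signature_detect(log):
    """Flag an entry only if it matches something already in SIGNATURES.

    Returns a list of (client_ip, signature_name). Anything not in the
    database, however hostile, is invisible to this detector.
    """
    hits = []
    for ip, path in log:
        for name, pattern in SIGNATURES.items():
            if pattern.search(path):
                hits.append((ip, name))
                break
    return hits


class RateBaseline:
    """Behavior-based: learn what a normal per-client request count looks like."""

    def __init__(self, training_log, z_threshold=3.0):
        counts = list(Counter(ip for ip, _ in training_log).values())
        self.mean = statistics.mean(counts)
        self.stdev = statistics.pstdev(counts)
        self.z_threshold = z_threshold  # assumed cut-off; tuning knob for false positives

    def detect(self, log):
        """Return (client_ip, request_count, z_score) for clients above the threshold.

        No signature is consulted, so novel activity is caught, but so is any
        legitimate client that merely behaves unusually.
        """
        if self.stdev == 0:
            raise ValueError("baseline has no variance; collect a wider training window")
        flagged = []
        for ip, n in Counter(ip for ip, _ in log).items():
            z = (n - self.mean) / self.stdev
            if z > self.z_threshold:
                flagged.append((ip, n, round(z, 2)))
        return flagged


def run_both(training_log, test_log):
    """Show which client IPs each approach flags; the sets do not coincide."""
    sig = {ip for ip, _ in signature_detect(test_log)}
    beh = {ip for ip, _, _ in RateBaseline(training_log).detect(test_log)}
    return {"signature_only": sig - beh, "behavior_only": beh - sig, "both": sig & beh}


if __name__ == "__main__":
    for key, ips in run_both(TRAINING_LOG, TEST_LOG).items():
        print(f"{key:15s} {sorted(ips)}")
```

Running it shows the complementarity the explanation describes: 198.51.100.7 is flagged only by the signature database (one crafted request is not a rate anomaly), 203.0.113.9 is flagged only by the baseline (no signature knows its probe paths), and 10.0.0.6 is a behavior-based false positive, because six requests is just over three standard deviations above the training mean of four. Raising `z_threshold` or training on a wider window would suppress that hit, at the cost of letting a quieter scanner through; that tuning burden is the practical price of not relying on prior knowledge of what "bad" looks like.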

Topics

#Signature-based detection #Anomaly-based detection #Threat detection methods #Security principles

