SY0-701 Question #656: Real Exam Question with Answer & Explanation
The correct answer is A: Signatures.
Question
A security analyst notices unusual behavior on the network. The IDS on the network was not able to detect the activities. Which of the following should the security analyst use to help the IDS detect such attacks in the future?
Options
- A. Signatures
- B. Trends
- C. Honeypot
- D. Reputation
Explanation
Signatures are the core detection mechanism an IDS uses to identify known attack patterns. When an attack goes undetected, it typically means no matching signature exists, so creating or updating signatures for that attack pattern enables the IDS to recognize it in the future.
Trends (B) refer to analyzing historical data patterns over time and are more useful for forecasting or capacity planning, not for teaching an IDS to recognize specific attack behavior. Honeypots (C) are decoy systems used to lure and study attackers, which can inform signature creation but are not directly used to configure IDS detection. Reputation (D) involves blocking based on known-bad IP addresses or domains, which is a separate filtering mechanism and doesn't help the IDS detect novel attack techniques.
Memory tip: Think of an IDS like a bouncer with a "most wanted" photo book: if someone isn't in the book, they get through. Adding a new signature is like adding a new photo, so the bouncer catches that person next time.