PrepAway - Latest Free Exam Questions & Answers

What IDS approach relies on a database of known attacks?

A. Signature-based intrusion detection

B. Statistical anomaly-based intrusion detection

C. Behavior-based intrusion detection

D. Network-based intrusion detection

Explanation:
A signature-based IDS monitors packets and compares them against a database of signatures or attributes from known malicious threats.
Incorrect Answers:
B: An anomaly-based IDS monitors network traffic and compares it against an established baseline, which identifies what is "normal" for that network, and then alerts the relevant party when traffic is detected that is significantly different from the baseline.
C: A statistical anomaly-based IDS is a behavioral-based system, which does not rely on a database of known attacks.
D: An online network-based IDS monitors network traffic in real time; it analyses the Ethernet packets and applies the same rules to them to decide whether it is an attack or not.

https://en.wikipedia.org/wiki/Intrusion_detection_system
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 258

