PrepAway - Latest Free Exam Questions & Answers


Which of the following best describes signature-based detection?


A. Compare source code, looking for events or sets of events that could cause damage to a system or network.

B. Compare system activity for the behavior patterns of new attacks.

C. Compare system activity, looking for events or sets of events that match a predefined pattern of events that describe a known attack.

D. Compare network nodes looking for objects or sets of objects that match a predefined pattern of objects that may describe a known attack.

Explanation:
Models of how attacks are carried out are developed and called signatures. Each identified attack has a signature, which is used to detect an attack in progress or determine whether one has occurred within the network. Any action that is not recognized as an attack is considered acceptable.

Incorrect Answers:
A: Signature-based detection checks activities and events. It does not check source code.
B: Signature-based detection checks for patterns of old, known attacks. It does not check for new, unknown attack patterns.
D: Signature-based detection monitors activities and events, not objects.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 257

