Which of the following intrusion detection systems (IDS) monitors network traffic and compares it
against an established baseline?
A.
File-based
B.
Network-based
C.
Anomaly-based
D.
Signature-based
Explanation:
The anomaly-based intrusion detection system (IDS) monitors network traffic and
compares it against an established baseline. This type of IDS monitors traffic and system activity
for unusual behavior based on statistics. In order to identify a malicious activity, it learns normal
A network-based IDS can be a dedicated hardware appliance, or an application running on a
computer, attached to the network. It monitors all traffic in a network or traffic coming through an
detection system (IDS) that is file-based.