PrepAway - Latest Free Exam Questions & Answers


Which of the following IPS detection types does not require regularly updated definition files? (Select the best
answer.)


A. pattern-based

B. profile-based

C. signature-based

D. reputation-based

Explanation:
Profile-based detection methods, which are also known as anomaly-based detection methods, do not require regularly updated definition files. Profile-based detection methods detect abnormal behavior on a network. Traffic is classified as normal or abnormal based on information that is dynamically learned or manually programmed. The benefit of anomaly-based detection is that anything that is not specified as normal is classified as abnormal; therefore, anomaly-based detection can typically detect a wide range of threats. One drawback of anomaly-based detection is that new traffic patterns appear on a regular basis on all but the smallest of networks, which leads to a lot of false positives. Another drawback is the memory and processing power required to maintain profiles for each user.

By contrast, pattern-based detection methods, which are also called signature-based methods, require regularly updated definition files. Pattern-based detection methods use specific strings of text to detect malicious traffic. Many signature-based detection methods can also use protocols and port numbers to further specify malicious traffic patterns. The benefit of signature-based detection methods is that the number of false positives generated is typically low. However, the drawback is that a modified attack cannot be detected by old signature definition files; the modified attack will not be detected until a new signature is added for the modified attack. Therefore, Cisco recommends updating signature files, including antivirus signatures, every time a new update is available.

Reputation-based detection methods use information collected from a global network of security devices to detect malicious traffic. Because the information available is constantly being updated, reputation-based systems require frequent updates to their definition files. The primary advantage of these frequent updates is that many attacks can be detected and prevented based on information gathered from other systems that have already experienced the same attack.

CCNA Security 210-260 Official Cert Guide, Chapter 17, Signature-Based IPS/IDS, p. 464
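The contrast between signature-based and profile-based detection described in the explanation, shown as an added Python example (this is not code from the cert guide or from the exam page). The connection records, the "EvilScanner" user-agent string and the two versions of the signature file are all constructed for illustration. The signature detector only catches what its definition file names, so the modified variant (`EvilScanner/1.1`) is missed until the definitions are updated; the profile detector learns per-port byte statistics from a baseline and flags anything outside them with no definition file at all, which also makes it flag a new but legitimate backup job, the false-positive drawback the explanation mentions.

```python
import re
from statistics import mean, pstdev

# Constructed sample connection records; nothing here was captured from a real network.
# Fields: id, destination port, bytes sent by the client, HTTP User-Agent (empty for non-HTTP).
BASELINE = [  # "normal" traffic used to build the profile
    {"id": "b1", "dst_port": 443, "bytes": 1200, "user_agent": "Mozilla/5.0"},
    {"id": "b2", "dst_port": 443, "bytes": 1350, "user_agent": "Mozilla/5.0"},
    {"id": "b3", "dst_port": 443, "bytes": 1100, "user_agent": "Mozilla/5.0"},
    {"id": "b4", "dst_port": 80,  "bytes": 900,  "user_agent": "curl/8.0"},
    {"id": "b5", "dst_port": 80,  "bytes": 1000, "user_agent": "curl/8.0"},
    {"id": "b6", "dst_port": 53,  "bytes": 80,   "user_agent": ""},
    {"id": "b7", "dst_port": 53,  "bytes": 95,   "user_agent": ""},
]

LIVE = [  # traffic to be inspected
    {"id": "t1", "dst_port": 443, "bytes": 1250,  "user_agent": "Mozilla/5.0"},      # ordinary browsing
    {"id": "t2", "dst_port": 443, "bytes": 60000, "user_agent": "EvilScanner/1.0"},  # hypothetical known scanner
    {"id": "t3", "dst_port": 443, "bytes": 61000, "user_agent": "EvilScanner/1.1"},  # modified variant, same behaviour
    {"id": "t4", "dst_port": 873, "bytes": 1300,  "user_agent": "rsync"},           # new but legitimate backup job
]

# --- Signature-based (pattern-based) detection -------------------------------
# The "definition file" is a set of named patterns. V1 predates the modified variant;
# V2 is the updated file that adds a signature for it.
SIGNATURES_V1 = {"sig-evilscanner-1.0": re.compile(r"^EvilScanner/1\.0$")}
SIGNATURES_V2 = {**SIGNATURES_V1, "sig-evilscanner-1.1": re.compile(r"^EvilScanner/1\.1$")}


def signature_detect(records, signatures):
    """Return ids of records whose User-Agent matches any signature in the definition file."""
    return [r["id"] for r in records
            if any(pat.search(r["user_agent"]) for pat in signatures.values())]


# --- Profile-based (anomaly-based) detection ---------------------------------
def build_profile(records, k=3.0):
    """Learn an upper byte bound per destination port from baseline traffic (mean + k*stddev).

    The standard deviation is floored at 10% of the mean so a tiny, uniform sample
    does not produce a zero-width tolerance band."""
    by_port = {}
    for r in records:
        by_port.setdefault(r["dst_port"], []).append(r["bytes"])
    profile = {}
    for port, sizes in by_port.items():
        mu, sigma = mean(sizes), pstdev(sizes)
        profile[port] = mu + k * max(sigma, 0.1 * mu)
    return profile


def profile_detect(records, profile):
    """Flag anything the learned profile does not cover: an unseen port, or more bytes than the bound."""
    flagged = []
    for r in records:
        bound = profile.get(r["dst_port"])
        if bound is None or r["bytes"] > bound:
            flagged.append(r["id"])
    return flagged


if __name__ == "__main__":
    print("signature v1:", signature_detect(LIVE, SIGNATURES_V1))  # misses the modified variant t3
    print("signature v2:", signature_detect(LIVE, SIGNATURES_V2))  # catches t3 only after the update
    prof = build_profile(BASELINE)
    print("profile     :", profile_detect(LIVE, prof))             # t2, t3 and the false positive t4
```

The profile detector needs no update to catch `t3`, but it also raises `t4` because rsync on port 873 was never part of the baseline; a signature detector stays quiet on `t4` and, until `SIGNATURES_V2` is deployed, on `t3` as well.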

