PrepAway - Latest Free Exam Questions & Answers

Which of the following types of IDS has been deployed?

The network security engineer just deployed an IDS on the network, but the Chief Technical Officer (CTO) has
concerns that the device is only able to detect known anomalies. Which of the following types of IDS has been
deployed?


A. Signature Based IDS

B. Heuristic IDS

C. Behavior Based IDS

D. Anomaly Based IDS

Explanation:
A signature based IDS will monitor packets on the network and compare them against a database of signatures
or attributes from known malicious threats.
Incorrect Answers:
B, C: The technique used by anomaly-based IDS/IPS systems is also referred to as network behavior analysis or
heuristics analysis.
D: An anomaly-based IDS will monitor network traffic and compare it against an established baseline.
The baseline will identify what is “normal” for that network (what sort of bandwidth is generally used, what
protocols are used, what ports and devices generally connect to each other), and the IDS will alert the
administrator or user when it detects traffic that is anomalous, or significantly different from the baseline.

https://technet.microsoft.com/en-us/library/dd277353.aspx
http://en.wikipedia.org/wiki/Intrusion_detection_system#Signature-based_IDS
http://en.wikipedia.org/wiki/Intrusion_detection_system#Statistical_anomaly-based_IDS

