PrepAway - Latest Free Exam Questions & Answers

Which of the following types of technologies will BEST address this scenario?

Joe, the Chief Technical Officer (CTO), is concerned about new malware being introduced into the
corporate network. He has tasked the security engineers to implement a technology that is capable of
alerting the team when unusual traffic is on the network. Which of the following types of technologies
will BEST address this scenario?


A. Application Firewall

B. Anomaly Based IDS

C. Proxy Firewall

D. Signature IDS

Explanation:
Anomaly-based detection watches the ongoing activity in the environment and looks for abnormal
occurrences. An anomaly-based monitoring or detection method relies on definitions of all valid forms of
activity. This database of known valid activity allows the tool to detect any and all anomalies. Anomaly-based detection is commonly used for protocols. Because all the valid and legal forms of a protocol are
known and can be defined, any variations from those known valid constructions are seen as anomalies.
Incorrect Answers:
A: An application-aware firewall provides filtering services for specific applications.
C: Proxy firewalls are used to process requests from an outside network; the proxy firewall examines the
data and makes rule-based decisions about whether the request should be forwarded or refused. The
proxy intercepts all of the packets and reprocesses them for use internally.
D: A signature-based monitoring or detection method relies on a database of signatures or patterns of
known malicious or unwanted activity.

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 16, 20
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 98

