Joe, the Chief Technical Officer (CTO), is concerned about new malware being introduced into the corporate
network. He has tasked the security engineers to implement a technology that is capable of alerting the team
when unusual traffic is on the network. Which of the following types of technologies will BEST address this
Correct answer: B. Anomaly-based IDS
Anomaly-based detection watches ongoing activity in the environment and looks for occurrences that deviate from what is normal. An anomaly-based monitoring or detection method relies on a baseline (a profile of valid or expected activity) rather than on a list of known attacks. Because it compares live traffic against that baseline instead of against known signatures, it can flag new malware or previously unseen behaviour, which is exactly what Joe is asking for; the trade-off is that legitimate but unusual activity is flagged too, so the baseline must be built from clean traffic and tuned to limit false positives. Anomaly-based detection is commonly applied to protocols: all the valid, legal forms of a protocol are known and can be defined, so any variation from those known valid constructions is treated as an anomaly.
A: An application-aware firewall provides filtering services for specific applications. It enforces rules on traffic it understands; it is not designed to alert on traffic that is merely unusual.
C: Proxy firewalls process requests from an outside network; the proxy firewall examines the data and makes rule-based decisions about whether a request should be forwarded or refused. The proxy intercepts all of the packets and reprocesses them for use internally. This is access control, not detection of abnormal traffic.
D: A signature-based monitoring or detection method relies on a database of signatures or patterns of known malicious or unwanted activity. It can only match what is already in that database, so new malware with no published signature passes undetected.
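To make the distinction between anomaly-based (baseline) detection and signature-based detection concrete, the following is an added, self-contained example and not code from the page or from either cited book. It runs a toy baseline detector and a toy indicator-list detector over a small set of constructed flow records (made up addresses from documentation ranges, not real traffic). The one indicator in the signature list, the z-score threshold, and the per-host volume model are all assumptions chosen for illustration.

```python
"""Baseline (anomaly) detection beside signature detection on constructed flow records."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed training window: (src, dst, dport, bytes_out). Assumed to be clean traffic.
BASELINE_FLOWS = [
    ("10.0.0.5", "10.0.0.10", 443, 1200), ("10.0.0.5", "10.0.0.11", 53, 80),
    ("10.0.0.5", "10.0.0.10", 443, 1500), ("10.0.0.5", "10.0.0.11", 53, 90),
    ("10.0.0.5", "10.0.0.10", 443, 1100), ("10.0.0.5", "10.0.0.11", 53, 85),
    ("10.0.0.6", "10.0.0.10", 443, 900),  ("10.0.0.6", "10.0.0.11", 53, 70),
]

# Constructed detection window: a beacon to an address no signature covers, an
# oversized transfer to a known peer, a known-bad indicator, and a legitimate new server.
OBSERVED_FLOWS = [
    ("10.0.0.5", "10.0.0.10", 443, 1300),
    ("10.0.0.5", "203.0.113.7", 4444, 400),     # unseen peer, not in any signature list
    ("10.0.0.5", "203.0.113.7", 4444, 410),
    ("10.0.0.5", "10.0.0.10", 443, 250000),     # known peer, abnormal volume
    ("10.0.0.6", "198.51.100.9", 4444, 300),    # matches the (assumed) known-bad indicator
    ("10.0.0.6", "10.0.0.12", 443, 800),        # new but legitimate server (false positive)
]

# Assumed indicator list for the signature engine; deliberately lacks 203.0.113.7.
SIGNATURES = {("198.51.100.9", 4444)}


def build_baseline(flows):
    """Profile each source host: the peers it talks to and its byte-count distribution."""
    peers = defaultdict(set)
    sizes = defaultdict(list)
    for src, dst, dport, nbytes in flows:
        peers[src].add((dst, dport))
        sizes[src].append(nbytes)
    stats = {src: (mean(v), pstdev(v)) for src, v in sizes.items()}
    return {"peers": dict(peers), "stats": stats}


def anomaly_alerts(baseline, flows, z=3.0):
    """Flag flows to an unseen peer, or whose size exceeds mean + z*stdev for that host."""
    alerts = []
    for src, dst, dport, nbytes in flows:
        if (dst, dport) not in baseline["peers"].get(src, set()):
            alerts.append((src, dst, dport, "unseen peer"))
        mu, sigma = baseline["stats"].get(src, (0.0, 0.0))
        if nbytes > mu + z * max(sigma, 1.0):   # floor on sigma avoids a zero-width band
            alerts.append((src, dst, dport, "volume"))
    return alerts


def signature_alerts(flows, signatures=SIGNATURES):
    """Flag only flows that match a known-bad (dst, port) indicator."""
    return [(src, dst, dport, "signature")
            for src, dst, dport, _ in flows if (dst, dport) in signatures]


if __name__ == "__main__":
    base = build_baseline(BASELINE_FLOWS)
    for a in anomaly_alerts(base, OBSERVED_FLOWS):
        print("anomaly  ", a)
    for a in signature_alerts(OBSERVED_FLOWS):
        print("signature", a)
```

Running it shows the point of the question: the signature engine raises exactly one alert, for the indicator it already knows, and says nothing about the 203.0.113.7 beacon or the 250 kB transfer. The baseline engine catches both, but it also flags 10.0.0.6's first contact with 10.0.0.12, which is why an anomaly-based IDS needs a clean training window and tuning before its alerts are trusted.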
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 16, 20
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014,