Joe, the Chief Technical Officer (CTO), is concerned about new malware being introduced into the corporate
network. He has tasked the security engineers to implement a technology that is capable of alerting the team
when unusual traffic is on the network. Which of the following types of technologies will BEST address this
scenario?

A. Application Firewall
B. Anomaly Based IDS
C. Proxy Firewall
D. Signature IDS
Correct Answer: B
Explanation:
Anomaly-based detection watches the ongoing activity in the environment and looks for abnormal occurrences.
An anomaly-based monitoring or detection method relies on definitions of all valid forms of activity (a baseline).
This database of known valid activity allows the tool to flag any deviation from the baseline as an anomaly,
which is why it can alert on traffic from new malware for which no signature exists yet. Anomaly-based detection
is commonly used for protocols: because all the valid and legal forms of a protocol are known and can be
defined, any variation from those known valid constructions is treated as an anomaly.
Incorrect Answers:
A: An application-aware firewall provides filtering services for specific applications.
C: Proxy firewalls are used to process requests from an outside network; the proxy firewall examines the data
and makes rule-based decisions about whether the request should be forwarded or refused. The proxy
intercepts all of the packets and reprocesses them for use internally.
D: A signature-based monitoring or detection method relies on a database of signatures or patterns of known
malicious or unwanted activity.
References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 16, 20
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 98