Tom works for Skillset and does not have the budget to buy a firewall. He is using an IDS as the protection method. He wants to use an approach that compares current activity against previous activity. Which of the following does that?
Behavior-Based-Detection IDS
Heuristic IDS
MD-IDS
Anomaly-Detection IDS
A heuristic system compares current activity against previous activity passing through the network. As a general rule, heuristic systems require more tweaking and fine-tuning than the other types of detection systems to prevent false positives in the network. (updated by TK)
*** Excuse me, but from the problem statement Behavior-Based-Detection IDS is the better answer in light of the reading from https://www.sans.org/security-resources/idfaq/what-is-behavior-based-intrusion-detection/2/6, "Behavior-based intrusion detection techniques assume that an intrusion can be detected by observing a deviation from normal or expected behavior of the system or the users. The model of normal or valid behavior is extracted from reference information collected by various means. The intrusion detection system later compares this model with the current activity. When a deviation is observed, an alarm is generated. In other words, anything that does not correspond to a previously learned behavior is considered intrusive." Furthermore, please be aware that Heuristic IDS and Anomaly-Detection IDS are one and the same, see http://www.informit.com/articles/article.aspx?p=31339&seqNum=5, which states that "Heuristic intrusion detection systems, also known as anomaly based, build a model of acceptable behavior and flag exceptions to that model." The upshot here is to reword the question, or to change the choices to better conform with the question. ***