Which type of IDS is best described as an IDS that determines the "normal" usage profile using statistical samples?
Anomaly Based
Signature Based
Host Based
Knowledge Based
Network Based IDS
From SANS: "To identify an anomaly, the system uses data compiled from previous network behavior. Since warnings are based on actual usage patterns, statistical systems can adapt to behaviors and therefore create their own rule usage-patterns. The usage-patterns are what dictate how anomalous a packet may be to the network. Anomalous activity is measured by a number of variables sampled over time and stored in a profile. Based on the anomaly score of a packet, the reporting process will deem it an alert if it is sufficiently anomalous; otherwise, the IDS will simply ignore the trace." https://www.sans.org/security-resources/idfaq/statistical-based-approach-to-intrusion-detection/2/15