Signature-based detection and behavior-based detection are two common approaches used in cybersecurity to detect and prevent attacks. The main difference between these two methods is how they identify potential threats.
Signature-based detection involves using a predefined set of rules, or signatures, to identify known patterns of malicious activity. These signatures are often based on specific characteristics of a known threat, such as a particular virus or malware strain. When a signature-based system detects a pattern that matches one of these predefined rules, it generates an alert or takes some other action to prevent the attack.
On the other hand, behavior-based detection focuses on identifying abnormal behavior that may indicate an attack. Instead of using predefined rules or signatures, behavior-based systems analyze patterns of activity to identify anomalies that may be indicative of an attack. For example, a behavior-based system might flag an unusual amount of network traffic from a particular device or identify a user accessing a critical system outside of normal business hours.
I agree the answer is B because signature-based detection is only known threats. Known threats mean it most certainly has rules established already and detected based on pre-established rules.
The answer is "D" and is correct. Read "B" carefully: it says "Behavior-based identifies behaviors that may be linked to attacks". This is not behavior-based; this is almost the definition of signature-based. Behavior-based identifies anomalies.
D is correct
The signature base uses a known vulnerability table, which means a vulnerability is already known and signed as a vulnerability. In contrast, the behavior base looks through already existing data and sees if there is abnormal behavior.
Instead of searching for patterns linked to specific types of attacks, behavior-based IDS solutions monitor behaviors that may be linked to attacks, increasing the likelihood of identifying and mitigating a malicious action before the network is compromised.
https://accedian.com/blog/what-is-the-difference-between-signature-based-and-behavior-based-ids/
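The contrast drawn in the comments above, as an added example that is not part of the original discussion: a signature check matches event content against predefined patterns, while a behavior check compares each event with the device's own baseline and with normal working hours. The patterns, device names, thresholds (z-score above 3, business hours 08:00 to 17:59) and events are all constructed assumptions.

```python
import re
from statistics import mean, stdev

# Constructed signature set: each rule is a pattern for already-known bad content.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./\.\./"),
    "known-bad-agent": re.compile(r"BadBot/1\.0"),  # hypothetical indicator
}

def signature_alerts(events):
    """Alert only when a payload matches one of the predefined rules."""
    return [(e["id"], name) for e in events
            for name, rx in SIGNATURES.items() if rx.search(e["payload"])]

def behavior_alerts(history, events, z_max=3.0, hours=range(8, 18)):
    """Alert on deviation from normal activity; payload content is never inspected."""
    alerts = []
    for e in events:
        past = history.get(e["device"], [])
        if len(past) >= 2:  # a device without a baseline cannot be judged on volume
            # Floor sigma so a perfectly flat baseline does not divide by zero.
            sigma = max(stdev(past), 1.0)
            if (e["bytes"] - mean(past)) / sigma > z_max:
                alerts.append((e["id"], "traffic-volume-anomaly"))
        if e["critical"] and e["hour"] not in hours:
            alerts.append((e["id"], "off-hours-critical-access"))
    return alerts

# Constructed baseline: bytes per interval previously seen from each device.
HISTORY = {"ws-17": [1200, 1350, 1100, 1280, 1190],
           "db-01": [50000, 52000, 49500, 51000]}

# Constructed events: 2 carries a known pattern, 3 and 4 are novel but abnormal.
EVENTS = [
    {"id": 1, "device": "ws-17", "hour": 10, "bytes": 1250, "critical": False,
     "payload": "GET /index.html"},
    {"id": 2, "device": "ws-17", "hour": 11, "bytes": 1300, "critical": False,
     "payload": "GET /../../etc/passwd"},
    {"id": 3, "device": "ws-17", "hour": 14, "bytes": 98000, "critical": False,
     "payload": "POST /upload"},
    {"id": 4, "device": "db-01", "hour": 3, "bytes": 50500, "critical": True,
     "payload": "SELECT 1"},
]

if __name__ == "__main__":
    print("signature:", signature_alerts(EVENTS))
    print("behavior: ", behavior_alerts(HISTORY, EVENTS))
```

Event 2 is caught only by the signature check, and events 3 and 4 only by the behavior check, which is why the two approaches are usually deployed together.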
drdecker100 (Highly Voted, 1 year, 8 months ago)
RoBery (Most Recent, 9 months, 2 weeks ago)
itmonkey1 (1 year, 7 months ago)
trigger4848 (1 year, 11 months ago)
Nhendy (2 years, 3 months ago)
anonymous1966 (2 years, 3 months ago)
adodoccletus (2 years, 4 months ago)
PanteLa_26 (2 years, 9 months ago)
DaveEly (2 years, 9 months ago)
Samuelpn96 (2 years, 9 months ago)
halamah (2 years, 11 months ago)