Suggested Answer:B🗳️
There are two conceptual approaches to intrusion detection. Knowledge-based intrusion detection uses a database of known vulnerabilities to look for current attempts to exploit them on a system and trigger an alarm if an attempt is found. The other approach, not as common, is called behaviour-based or statistical analysis-based. A host-based intrusion detection system is a common implementation of intrusion detection, not a conceptual approach. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 63). Also: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 4: Access Control (pages 193-194).
The most common conceptual approach to intrusion detection systems is:
C. Statistical anomaly-based intrusion detection.
Statistical anomaly-based intrusion detection involves establishing a baseline of "normal" behavior within a system and then identifying deviations or anomalies from this baseline. It detects intrusions by flagging activities or behaviors that significantly differ from the established norms. This approach aims to identify potential threats or attacks by observing deviations in system behavior or patterns. It's widely used due to its ability to adapt to new or evolving threats without relying heavily on predefined attack signatures or patterns.
upvoted 2 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
nanson
3 months, 1 week ago