- It compares the antivirus definition file to a cloud based repository for latest updates.
- It compares the behavior of a host to an established baseline to identify potential intrusions.
- It compares the signatures of incoming traffic to a known intrusion database.
- It compares the operations of a host against a well-defined security policy.
Explanation: With an anomaly-based intrusion detection approach, a baseline of host behaviors is established first. The host behavior is checked against the baseline to detect significant deviations, which might indicate potential intrusions.
More Questions: CyberOps Associate (Version 1.0) – CyberOps Associate 1.0 Practice Final exam
More Questions: CCNA Cyber Ops Chapter 10 Exam Answers