Which statement describes the anomaly-based intrusion detection approach?
- It compares the antivirus definition file to a cloud based repository for latest updates.
- It compares the behavior of a host to an established baseline to identify potential intrusions.
- It compares the signatures of incoming traffic to a known intrusion database.
- It compares the operations of a host against a well-defined security policy.
Explanation: With an anomaly-based intrusion detection approach, a baseline of host behaviors is established first. The host behavior is checked against the baseline to detect significant deviations, which might indicate potential intrusions.
Exam with this question: CyberOps Associate (Version 1.0) – CyberOps Associate 1.0 Practice Final exam
Exam with this question: CCNA Cyber Ops Chapter 10 Exam Answers