Which statement describes the policy-based intrusion detection approach?
- It compares the signatures of incoming traffic to a known intrusion database.
- It compares the operations of a host against well-defined security rules.
- It compares the antimalware definitions to a central repository for the latest updates.
- It compares the behaviors of a host to an established baseline to identify potential intrusion.
Explanation: With the anomaly-based intrusion detection approach, a set of rules or policies is applied to a host. A violation of these policies is interpreted as the result of a potential intrusion.
Exam with this question: Checkpoint Exam: Cryptography and Endpoint Protection Group Exam
Exam with this question: CCNA Cyber Ops Final Exam Answers
Exam with this question: OS and Endpoint Security Checkpoint Exam Answers
Exam with this question: Endpoint Security: My Knowledge Check Answers