CISA Certified Information Systems Auditor – Question 1625
Which of the following intrusion detection systems (IDSs) will MOST likely generate false alarms resulting from normal network activity?
A. Statistical-based
B. Signature-based
C. Neural network
D. Host-based
Correct Answer: A
Explanation:
A statistical-based IDS relies on a definition of known and expected behavior of systems. Since normal network activity may at times include unexpected behavior (e.g., a sudden massive download by multiple users), these activities will be flagged as suspicious.
A signature-based IDS is limited to its predefined set of detection rules, just like a virus scanner. A neural network combines the previous two IDSs to create a hybrid and better system. Host-based is another classification of IDS. Any of the three IDSs above may be host- or network-based.