Systems Security Certified Practitioner – SSCP – Question0462
Which conceptual approach to intrusion detection system is the most common? A. Behavior-based intrusion detection B. Knowledge-based intrusion detection C. Statistical anomaly-based intrusion detection D. Host-based intrusion detection
Correct Answer: B
Explanation:
There are two conceptual approaches to intrusion detection. Knowledge-based intrusion detection uses a database of known vulnerabilities to look for current attempts to exploit them on a system and trigger an alarm if an attempt is found. The other approach, not as common, is called behaviour-based or statistical analysis-based. A host-based intrusion detection system is a common implementation of intrusion detection, not a conceptual approach. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 63). Also: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 4: Access Control (pages 193-194).
Please disable your adblocker or whitelist this site!