{"id":548,"date":"2021-01-17T05:35:27","date_gmt":"2021-01-16T18:01:51","guid":{"rendered":"https:\/\/exampracticetests.com\/ISC\/SSCP\/systems-security-certified-practitioner-sscp-question0540\/"},"modified":"2021-01-17T05:44:22","modified_gmt":"2021-01-17T05:44:22","slug":"systems-security-certified-practitioner-sscp-question0540","status":"publish","type":"post","link":"https:\/\/exampracticetests.com\/ISC\/SSCP\/systems-security-certified-practitioner-sscp-question0540\/","title":{"rendered":"Systems Security Certified Practitioner &#8211; SSCP &#8211; Question0540"},"content":{"rendered":"<div class=\"question\">Which of the following assertions is NOT true about pattern matching and anomaly detection in intrusion detection? <br \/><strong><br \/>A.<\/strong> Anomaly detection tends to produce more data <br \/><strong>B.<\/strong> A pattern matching IDS can only identify known attacks <br \/><strong>C.<\/strong> Stateful matching scans for attack signatures by analyzing individual packets instead of traffic streams <br \/><strong>D.<\/strong> An anomaly-based engine develops baselines of normal traffic activity and throughput, and alerts on deviations from these baselines<\/div>\n<p><\/p>\n<style> .hidden-div{ display:none } <\/style>\n<p>\t\t\t\t\t\t\t<button onclick=\"getElementById('hidden-div').style.display = 'block'\"> Show Answer <\/button> <button onclick=\"getElementById('hidden-div').style.display = 'none'\">Hide Answer<\/button><\/p>\n<div class=\"hidden-div\" id=\"hidden-div\"><span style=\"\"><\/p>\n<div class=\"answer\">Correct Answer: <strong>C<\/strong><\/div>\n<p><strong>Explanation:<\/strong> <\/p>\n<div class=\"explanation\">\nThis is wrong which makes this the correct choice. This statement is not true as stateful matching scans for attack signatures by analyzing traffic streams rather than individual packets. Stateful matching intrusion detection takes pattern matching to the next level.<br \/>\nAs networks become faster there is an emerging need for security analysis techniques that can keep up with the increased network throughput. Existing network-based intrusion detection sensors can barely keep up with bandwidths of a few hundred Mbps. Analysis tools that can deal with higher throughput are unable to maintain state between different steps of an attack or they are limited to the analysis of packet headers.<br \/>\nThe following answers are all incorrect:<br \/>\nAnomaly detection tends to produce more data is true as an anomaly-based IDS produces a lot of data as any activity outside of expected behavior is recorded.<br \/>\nA pattern matching IDS can only identify known attacks is true as a pattern matching IDS works by comparing traffic streams against signatures. These signatures are created for known attacks.<br \/>\nAn anomaly-based engine develops baselines of normal traffic activity and throughput, and alerts on deviations from these baselines is true as the assertion is a characteristic of a statistical anomaly-based IDS.<br \/>\nReference: Official guide to the CISSP CBK. Pages 198 to 201 <a href=\"http:\/\/cs.ucsb.edu\/~vigna\/publications\/2003_vigna_robertson_kher_kemmerer_ACSAC03.pdf\" title=\"External link\" rel=\"nofollow noopener\" target=\"_blank\">http:\/\/cs.ucsb.edu\/~vigna\/publications\/2003_vigna_robertson_kher_ke&#8230;<\/a><\/div>\n<p><\/strong><\/span> <\/div>\n","protected":false},"excerpt":{"rendered":"<p>Which of the following assertions is NOT true about pattern matching and anomaly detection in intrusion detection? A. Anomaly detection tends to produce more data B. A pattern matching IDS can only identify known attacks C. Stateful matching scans for attack signatures by analyzing individual packets instead of traffic streams D. An anomaly-based engine develops [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[1078,543,3],"class_list":["post-548","post","type-post","status-publish","format-standard","hentry","category-systems-security-certified-practitioner-sscp","tag-choices","tag-question-0540","tag-systems-security-certified-practitioner-sscp"],"_links":{"self":[{"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/posts\/548","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/comments?post=548"}],"version-history":[{"count":1,"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/posts\/548\/revisions"}],"predecessor-version":[{"id":1624,"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/posts\/548\/revisions\/1624"}],"wp:attachment":[{"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/media?parent=548"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/categories?post=548"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/tags?post=548"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}