Certified Ethical Hacker 312-50v10 – Question006

Which of the following options represents a conceptual characteristic of an anomaly-based IDS over a signature-based IDS?

Produces less false positives
B. Can identify unknown attacks
C. Requires vendor updates for a new threat
D. Cannot deal with encrypted network traffic

Correct Answer: B