Certified Ethical Hacker v11 312-50v11 – Question254

Which of the following options represents a conceptual characteristic of an anomaly-based IDS over a signature-based IDS?

A.
Cannot deal with encrypted network traffic
B. Requires vendor updates for new threats
C. Can identify unknown attacks
D. Produces less false positives

Correct Answer: C