Which of the following is an incorrect characteristic of a statistical anomaly-based IDS?

Kathy has been asked to give the senior management a briefing on the different security technologies that are deployed in the environment. Which of the following is an incorrect characteristic of a statistical anomaly-based IDS?

A.
Behavioral-based product that compares user and traffic patterns to a profile through sampling.

B.
A technology that can detect new attacks

C.
A technology that uses if/then programming

D.
A product that usually causes a lot of man hours in false positives

Explanation:
Statistical anomaly-based IDS are behavior-based products that are put into a learning mode to build a profile. The learning takes place by sampling traffic and user activity. Once the profile is built, all future activity is sampled and compared to this profile. They can detect new attacks and often cause many false positives. Rule-based IDS products use if/then programming.


