CompTIA Security Plus Mock Test Q17

The network security engineer just deployed an IDS on the network, but the Chief Technical Officer (CTO) has concerns that the device is only able to detect known anomalies. Which of the following types of IDS has been deployed?

A. Signature Based IDS
B. Heuristic IDS
C. Behavior Based IDS
D. Anomaly Based IDS

Correct Answer: A
Section: Network Security

Explanation:
A signature-based IDS will monitor packets on the network and compare them against a database of signatures or attributes from known malicious threats.

Incorrect Answers:

B, C: The technique used by anomaly-based IDS/IPS systems is also referred to as network behavior analysis or heuristics analysis.

D: An anomaly-based IDS will monitor network traffic and compare it against an established baseline. The baseline identifies what is “normal” for that network (what sort of bandwidth is generally used, what protocols are used, what ports and devices generally connect to each other), and the IDS alerts the administrator or user when it detects traffic that is anomalous, or significantly different from the baseline.
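
The difference between the two approaches described above, as an added example that is not part of the original question. The signature list, the baseline threshold and every flow record are constructed for illustration; real IDS products use far richer rules and models.

```python
import re
from statistics import mean, pstdev

# Constructed signature database: name -> pattern taken from a known threat.
SIGNATURES = {
    "sqli-union": re.compile(r"union\s+select", re.I),
    "path-traversal": re.compile(r"\.\./\.\./"),
}

def signature_alerts(flow):
    """Signature-based check: only content matching a known pattern alerts."""
    return [n for n, pat in SIGNATURES.items() if pat.search(flow["payload"])]

class Baseline:
    """Anomaly-based check: learn 'normal' services and flow sizes first."""
    def __init__(self, training_flows, z_limit=3.0):
        self.services = {(f["proto"], f["dport"]) for f in training_flows}
        sizes = [f["bytes"] for f in training_flows]
        self.mu = mean(sizes)
        self.sigma = pstdev(sizes) or 1.0   # avoid division by zero
        self.z_limit = z_limit              # assumed alert threshold

    def anomaly_alerts(self, flow):
        alerts = []
        if (flow["proto"], flow["dport"]) not in self.services:
            alerts.append("unseen-service")
        if abs(flow["bytes"] - self.mu) / self.sigma > self.z_limit:
            alerts.append("unusual-volume")
        return alerts

def make_flow(proto, dport, nbytes, payload=""):
    return {"proto": proto, "dport": dport, "bytes": nbytes, "payload": payload}

# Constructed "normal" traffic used to build the baseline.
TRAINING = ([make_flow("tcp", 443, b) for b in (900, 1100, 1000, 950, 1050)]
            + [make_flow("udp", 53, b) for b in (100, 120, 110)])
BASELINE = Baseline(TRAINING)

def classify(flow):
    """Return (signature alerts, anomaly alerts) for one flow."""
    return signature_alerts(flow), BASELINE.anomaly_alerts(flow)

# Constructed test flows.
KNOWN = make_flow("tcp", 443, 1000, "id=1 UNION SELECT password FROM users")
NOVEL = make_flow("tcp", 9001, 250000, "opaque-binary-content")
NORMAL = make_flow("udp", 53, 110, "example.com A?")

if __name__ == "__main__":
    for name, f in (("known", KNOWN), ("novel", NOVEL), ("normal", NORMAL)):
        print(name, classify(f))
```

The novel flow matches no signature, so only the baseline comparison reports it, which is the CTO's concern in the question.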
