To detect previously unseen threats, which detection approach should be used?

Multiple Choice

Explanation:
Anomaly-based detection is designed to identify threats that don’t match normal behavior. It builds a baseline of what’s typical in the system or network, and anything that deviates from that baseline is flagged as suspicious. This makes it effective for catching previously unseen or zero-day threats, because those attacks often look different from normal activity even if their specific signatures aren’t known yet.

Signature-based detection, by contrast, relies on known patterns. It’s very good at catching already-identified threats, but it won’t detect new attacks unless a signature for them exists. Because the question focuses on detecting threats that haven’t been seen before, anomaly-based detection is the best fit. In practice, many defenses use both to maximize coverage, but for unseen threats specifically, anomaly-based detection is the stronger approach.
