Which detection approach uses a database of anomalies and flags deviations from normal traffic, contrasting with signature detection?

Multiple Choice

Explanation:
Anomaly detection hinges on a model of normal network behavior and flags anything that deviates from that baseline. It builds a profile of typical traffic and uses thresholds or learned patterns to score events; when an event falls outside the baseline, it is flagged as suspicious. This approach excels at catching unknown or novel threats, because such attacks match no preexisting pattern. Signature-based detection, by contrast, relies on a database of known attack patterns and flags only traffic that matches one of them. Protocol-focused checks can be part of anomaly detection, but the general idea described here, flagging deviations from normal traffic, fits anomaly detection best.
