Which term describes a network intrusion detection system that identifies attacks by comparing traffic to known signatures?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding. Ace your ethical hacking exam with confidence!

Multiple Choice

Which term describes a network intrusion detection system that identifies attacks by comparing traffic to known signatures?

Explanation:
This question focuses on how a network intrusion detection system recognizes threats by checking traffic against known patterns. A signature-based NIDS works by maintaining a database of attack signatures—specific patterns in packets or traffic that match malicious activity. When the monitor sees traffic that matches one of these signatures, it flags the activity as a known attack. This approach is very effective for detecting threats we’ve seen before and keeps false positives relatively low when signatures are current, but it won’t catch new, unseen, or heavily obfuscated attacks until a matching signature is added. For contrast, bytes-only anomaly detectors look for unusual deviations from normal traffic, heuristic-based NIDS use broader rules to infer suspicious behavior, and polymorphic shellcode refers to a type of attack that changes its payload to evade signatures rather than a detection method. So the description best matches a signature-based NIDS.

This question focuses on how a network intrusion detection system recognizes threats by checking traffic against known patterns. A signature-based NIDS works by maintaining a database of attack signatures—specific patterns in packets or traffic that match malicious activity. When the monitor sees traffic that matches one of these signatures, it flags the activity as a known attack. This approach is very effective for detecting threats we’ve seen before and keeps false positives relatively low when signatures are current, but it won’t catch new, unseen, or heavily obfuscated attacks until a matching signature is added. For contrast, bytes-only anomaly detectors look for unusual deviations from normal traffic, heuristic-based NIDS use broader rules to infer suspicious behavior, and polymorphic shellcode refers to a type of attack that changes its payload to evade signatures rather than a detection method. So the description best matches a signature-based NIDS.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy