Exam 200-201 topic 1 question 21 discussion

B is correct. Statistical checks over a period of time to see if it adheres to certain trends. Rulebased just checks for this specific moment.

A. Threat represents a potential danger that could take advantage of a weakness, while the risk is the likelihood of a compromise or damage of an asset.

B. Statistical detection defines legitimate data of users over a period of time and rule-based detection defines it on an IF/THEN basis

The answer is B. Statistical detection models use mathematical algorithms to define normal user behavior over a period of time, and deviations from this behavior are flagged as potential threats. Rule-based detection models, on the other hand, use a predefined set of rules to identify specific patterns or signatures of known attacks. Rule-based detection models operate on an IF/THEN basis, where if a certain condition is met, a threat is flagged.

Rule-based detection models use a predefined set of rules to determine whether a particular behavior is normal or anomalous. These rules are typically based on the expected behavior of legitimate users, and are often expressed in an "if-then" format. For example, a rule-based system might flag any attempt to log in to a particular application from an unusual IP address as potentially suspicious. Statistical detection models, on the other hand, use statistical analysis to identify patterns of behavior that deviate from the norm. These models are often based on machine learning algorithms that analyze large amounts of data to identify normal behavior and then flag any activity that deviates from that norm as potentially suspicious. For example, a statistical detection model might flag any attempt to transfer an unusually large amount of data from a particular user account as potentially suspicious.

Agreed for B

B IS CORRECT STATIC OVER PERIOD OF TIME RULE BASED IDENTIFY POTENTIAL attack