Exam SY0-501 topic 1 question 819 discussion

Actual exam question from CompTIA's SY0-501
Question #: 819
Topic #: 1

An organization plans to transition the intrusion detection and prevention techniques on a critical subnet to an anomaly-based system. Which of the following does the organization need to determine for this to be successful?

  • A. The baseline
  • B. The endpoint configurations
  • C. The adversary behavior profiles
  • D. The IPS signatures
Suggested Answer: A

Comments

CoRell
Highly Voted 4 years, 9 months ago
A. (Baseline)
upvoted 8 times
Born_Again
Highly Voted 3 years, 11 months ago
Baseline = Anomaly-Based
IPS Signature = Signature-Based
Adversary Behavior = Behavioral-Based
upvoted 8 times
simo77
Most Recent 4 years, 1 month ago
An anomaly-based system is the key; the answer is A.
upvoted 1 times
hlwo
4 years, 7 months ago
Key word "critical subnet", so they have to know the baseline.
upvoted 2 times
mindtricks
4 years, 4 months ago
No, the key to this is that an anomaly = something that doesn't happen often. But to know that you'd need to establish a baseline of what is normal.
upvoted 9 times
jama
4 years, 8 months ago
Anomaly-based means heuristic-based, and it compares the current activity with a previously created one (the baseline). The answer should be A.
upvoted 5 times