ExamTopics Logo
Mail Us[email protected]
Menu
Eccouncil Discussions
exam questions

Exam 312-49 All Questions

View all questions & answers for the 312-49 exam
Go to Exam

Exam 312-49 topic 1 question 57 discussion

Actual exam question from ECCouncil's 312-49
Question #: 57
Topic #: 1
[All 312-49 Questions]

Which Intrusion Detection System (IDS) usually produces the most false alarms due to the unpredictable behaviors of users and networks?

  • A. network-based IDS systems (NIDS)
  • B. host-based IDS systems (HIDS)
  • C. anomaly detection
  • D. signature recognition
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by simontkk2005 at April 30, 2019, 11:46 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Bennoli13
1 year ago
Among the given options, anomaly detection systems typically produce the most false alarms. This is because anomaly detection systems work by identifying deviations from a baseline of normal behavior, which can be highly variable and unpredictable due to the diverse activities of users and networks. While both network-based IDS (NIDS) and host-based IDS (HIDS) can employ anomaly detection methods, it is the specific approach of anomaly detection itself that tends to generate a higher rate of false positives compared to signature-based detection methods, which rely on known patterns of malicious behavior.
upvoted 1 times
...
Ceh2024
1 year, 10 months ago
Selected Answer: C
out-of-the-ordinary behavior does not mean that it's 100% malicious. So the most false alarm will be happened on the anomaly detection IDS
upvoted 1 times
...
Humptydumtyy
4 years, 6 months ago
B is correct. The answer is in the question. users + network. anomaly detection is not a type of IDS
upvoted 2 times
...
W3bhakr
5 years, 5 months ago
According to http://techgenix.com/ids-part2-classification-methods-techniques/ the answer should be C
upvoted 2 times
...
ireen
5 years, 10 months ago
I believe “anomaly detection” is a feature not a type of ids. And in question (users and networks) are mentioned. So imho answer should be B
upvoted 1 times
...
Pet
6 years ago
Answer shd be C. anomaly detection
upvoted 2 times
...
simontkk2005
6 years, 2 months ago
Answer is B + C
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel