Exam PCCET topic 1 question 85 discussion

Actual exam question from Palo Alto Networks's PCCET
Question #: 85
Topic #: 1

Which type of IDS/IPS uses a baseline of normal network activity to identify unusual patterns or levels of network activity that may be indicative of an intrusion attempt?

  • A. Knowledge-based
  • B. Signature-based
  • C. Behavior-based
  • D. Database-based
Suggested Answer: C

Comments

emlee
8 months ago
Selected Answer: B
Most recent PCCET study guide has the response quoted by leipeG 4 months ago; correct answer is B.
upvoted 2 times
...
leipeG
1 year ago
Selected Answer: C
The type of IDS/IPS that uses a baseline of normal network activity to identify unusual patterns or levels of network activity that may be indicative of an intrusion attempt is: C. Behavior-based

Behavior-based intrusion detection and prevention systems (IDS/IPS) analyze the behavior and activities of network traffic or systems to detect anomalies or deviations from normal behavior. They establish a baseline of what is considered "normal" and then trigger alerts or block activity that deviates from that baseline. This approach is particularly effective at identifying new or previously unseen threats that may not have specific signatures or known patterns.
upvoted 1 times
...
splashy
1 year, 3 months ago
Selected Answer: C
"normal network activity" & "unusual patterns" are a behavior not a signature.
upvoted 1 times
...
csco10320953
1 year, 10 months ago
Which type of IDS/IPS uses a baseline of normal network activity - Key word: baseline of normal network activity - ANS: Signature Based
upvoted 1 times
...
blahblah1234567890000
2 years, 1 month ago
Selected Answer: C
A behavior-based system uses a baseline of normal network activity to identify unusual patterns or levels of network activity that may be indicative of an intrusion attempt.
upvoted 4 times
blahblah1234567890000
2 years, 1 month ago
IDSs and IPSs also can be classified as knowledge-based (or signature-based) or behavior-based (or statistical anomaly-based) systems:

  • A knowledge-based system uses a database of known vulnerabilities and attack profiles to identify intrusion attempts. These types of systems have lower false-alarm rates than behavior-based systems but must be continually updated with new attack signatures to be effective.
  • A behavior-based system uses a baseline of normal network activity to identify unusual patterns or levels of network activity that may be indicative of an intrusion attempt. These types of systems are more adaptive than knowledge-based systems and therefore may be more effective in detecting previously unknown vulnerabilities and attacks, but they have a much higher false-positive rate than knowledge-based systems.
upvoted 3 times
...
duckduckgooo
2 years ago
Agreed https://www.paloaltonetworks.com/cyberpedia/what-is-an-intrusion-prevention-system-ips
upvoted 1 times
...
...
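As an added example (not part of the original discussion or of any Palo Alto Networks material), the two detection styles described in the study-guide passage quoted above can be contrasted in a short Python sketch. The signature set, request lines, per-minute counts and the 3-sigma threshold are all constructed assumptions chosen for illustration.

```python
import re
from statistics import mean, stdev

# Constructed "database of known attack profiles" (knowledge/signature-based).
SIGNATURES = {
    "sqli-union": re.compile(r"union\s+select", re.I),
    "path-traversal": re.compile(r"\.\./\.\./"),
}

def knowledge_based(requests):
    """Return (index, signature name) for each request matching a known signature."""
    return [(i, name) for i, req in enumerate(requests)
            for name, pat in SIGNATURES.items() if pat.search(req)]

def build_baseline(counts):
    """Learn 'normal' as the mean and sample standard deviation of requests/minute."""
    return mean(counts), stdev(counts)

def behavior_based(counts, baseline, threshold=3.0):
    """Return indices of minutes deviating more than `threshold` sigmas from baseline."""
    mu, sigma = baseline
    return [i for i, c in enumerate(counts) if abs(c - mu) > threshold * sigma]

# Constructed sample data: requests per minute seen during normal operation.
TRAINING = [98, 102, 100, 97, 103, 101, 99, 100, 104, 96]

# Constructed observation window.
OBSERVED_REQUESTS = [
    "GET /index.html",
    "GET /item?id=1 UNION SELECT a,b FROM t",  # matches a known signature
    "POST /api/v2/export?fmt=unusual-value",   # previously unseen, no signature
]
# Minute 2: flood accompanying the unseen request; minute 4: benign traffic burst.
OBSERVED_COUNTS = [101, 99, 460, 100, 180]

if __name__ == "__main__":
    # Signature engine: precise on what it knows, blind to the unseen request.
    print("signature hits:", knowledge_based(OBSERVED_REQUESTS))
    # Anomaly engine: catches the unseen activity by volume, but also flags
    # the benign burst, which is the higher false-positive rate in practice.
    print("anomalous minutes:", behavior_based(OBSERVED_COUNTS, build_baseline(TRAINING)))
```

The signature engine reports only the request it has a pattern for, while the baseline engine flags both the unseen activity and the harmless burst, which is the trade-off between update dependence and false positives described in the quoted passage.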
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted