New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Eccouncil ECSS Exam - Topic 5 Question 94 Discussion

Actual exam question for Eccouncil's ECSS exam
Question #: 94
Topic #: 5
[All ECSS Questions]

Messy, a network defender, was hired to secure an organization's internal network. He deployed an IDS in which the detection process depends on observing and comparing the observed events with the normal behavior and then detecting any deviation from it.

Identify the type of IDS employed by Messy in the above scenario.

Show Suggested Answer Hide Answer
Suggested Answer: B

by Ricarda at Sep 18, 2024, 10:06 PM

Limited Time Offer

25%

Off

Get Premium ECSS Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Portia
3 months ago
Sounds a bit off to me. How do we know it’s not application proxy?
upvoted 0 times
...
Quentin
3 months ago
Wait, are we sure it’s not stateful protocol analysis?
upvoted 0 times
...
Iola
3 months ago
Agreed, anomaly-based is the right choice here.
upvoted 0 times
...
Wendell
4 months ago
I think it’s signature-based, though.
upvoted 0 times
...
Lai
4 months ago
Definitely anomaly-based! It looks for deviations.
upvoted 0 times
...
Marylyn
4 months ago
I could be wrong, but I feel like signature-based IDS focuses more on known threats rather than behavior deviations.
upvoted 0 times
...
Ruthann
4 months ago
This sounds similar to a practice question I did on IDS types, and I believe the answer is anomaly-based too.
upvoted 0 times
...
Vesta
4 months ago
I'm not entirely sure, but I remember something about stateful protocol analysis being related to tracking sessions.
upvoted 0 times
...
Polly
5 months ago
I think this is about anomaly-based IDS since it mentions detecting deviations from normal behavior.
upvoted 0 times
...
Louisa
5 months ago
I've got this one! The key is the part about comparing the observed events to normal behavior and detecting deviations. That's the textbook definition of an Anomaly-based IDS. I'm confident that's the right answer.
upvoted 0 times
...
Carolann
5 months ago
Hmm, I'm a bit confused here. The question talks about observing events and comparing them to normal behavior, but it doesn't explicitly say it's an anomaly-based IDS. I'm not sure if that's the right answer.
upvoted 0 times
...
Dominga
5 months ago
This one seems pretty straightforward. The question mentions the IDS detecting deviations from normal behavior, so I'm going to go with option B, Anomaly-based.
upvoted 0 times
...
Mitzie
5 months ago
Okay, let me think this through. The IDS is detecting deviations from normal behavior, so that rules out signature-based and application proxy. I think Anomaly-based is the best fit here, but I'll double-check the definitions just to be sure.
upvoted 0 times
...
Gertude
9 months ago
B) Anomaly-based is the way to go. Messy's clearly a pro at this, and that's the only option that matches the description. Now, if only he could do something about that name...
upvoted 0 times
Graham
8 months ago
Application proxy IDS may not be the best fit for this scenario, anomaly-based is the way to go.
upvoted 0 times
...
Timothy
8 months ago
Signature-based IDS may not be as effective in detecting new or unknown threats.
upvoted 0 times
...
Gretchen
9 months ago
Messy must have a good understanding of network security to choose anomaly-based IDS.
upvoted 0 times
...
Dorthy
9 months ago
I agree, anomaly-based is the best choice for detecting deviations from normal behavior.
upvoted 0 times
...
...
Johnson
10 months ago
The question is a bit too straightforward, don't you think? I'm going to go with D) Application proxy just to keep things interesting. Who knows, maybe Messy has a few tricks up his sleeve!
upvoted 0 times
Cherelle
9 months ago
I agree with you, I'll go with B) Anomaly-based. It's always good to mix things up in network security.
upvoted 0 times
...
Geraldo
9 months ago
I'm leaning towards A) Stateful protocol analysis. It's a solid option for detecting deviations in network traffic.
upvoted 0 times
...
Magnolia
9 months ago
I think it's C) Signature-based. That's a common choice for network defenders.
upvoted 0 times
...
...
Nakita
10 months ago
Hmm, this one's a bit tricky. I'm torn between B) Anomaly-based and C) Signature-based. But I'll go with B since Messy seems to be a pretty savvy network defender.
upvoted 0 times
Frederica
9 months ago
User1: Definitely, it's all about spotting those anomalies to keep the network secure.
upvoted 0 times
...
Katy
9 months ago
User2: Yeah, that makes sense. Anomaly-based IDS would be a good choice for detecting deviations from normal behavior.
upvoted 0 times
...
Reuben
10 months ago
User1: I think it's B) Anomaly-based too. Messy probably wants to catch any unusual behavior.
upvoted 0 times
...
...
Rene
11 months ago
I think the answer is B) Anomaly-based. The scenario describes an IDS that compares observed events with normal behavior to detect deviations, which is the hallmark of an anomaly-based IDS.
upvoted 0 times
Vernice
10 months ago
Yes, anomaly-based IDS is the correct choice in this scenario.
upvoted 0 times
...
Ivette
10 months ago
I agree, the description fits an anomaly-based IDS.
upvoted 0 times
...
...
Adelle
11 months ago
I agree with Mireya, signature-based makes more sense in this scenario as it detects deviations from known patterns.
upvoted 0 times
...
Mireya
11 months ago
I disagree, I believe it is signature-based because it compares observed events with known patterns.
upvoted 0 times
...
Roy
11 months ago
I think the type of IDS employed by Messy is anomaly-based.
upvoted 0 times
...

Save Cancel