
ISC2 CSSLP Exam - Topic 1 Question 104 Discussion

Actual exam question for ISC2's CSSLP exam
Question #: 104
Topic #: 1

Which of the following intrusion detection systems (IDS) monitors network traffic and compares it against an established baseline?

Suggested Answer: C

The anomaly-based intrusion detection system (IDS) monitors network traffic and compares it against an established baseline. This type of IDS monitors traffic and system activity for unusual behavior based on statistics. To identify malicious activity, it learns normal behavior from the baseline. Anomaly-based intrusion detection is also known as behavior-based or statistical-based intrusion detection.

Answer D is incorrect. A signature-based IDS uses a database of signatures to identify possible attacks and malicious activity.

Answer B is incorrect. A network-based IDS can be a dedicated hardware appliance, or an application running on a computer, attached to the network. It monitors all traffic in a network or traffic coming through an entry point such as an Internet connection.

Answer A is incorrect. There is no file-based intrusion detection system (IDS).
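The difference between answers C and D, shown as an added example that is not part of the original page: one detector learns a statistical baseline and flags deviations from it, the other matches payloads against a signature database. The traffic counts, the signature string, the event fields and the three-standard-deviation threshold are all constructed assumptions.

```python
import statistics

# Constructed sample: connections per minute from one host during a
# known-good training window (the "established baseline").
BASELINE_WINDOW = [42, 38, 45, 40, 44, 39, 41, 43, 37, 46, 40, 42]

# Constructed signature database: patterns of already-known attacks.
SIGNATURES = {"path-traversal": "../../"}


def learn_baseline(samples):
    """Learn normal behaviour as the mean and standard deviation."""
    return statistics.mean(samples), statistics.stdev(samples)


def anomaly_alert(baseline, observed, threshold=3.0):
    """Anomaly-based check: flag values far from the learned baseline."""
    mean, stdev = baseline
    if stdev == 0:
        # Perfectly flat baseline: any change at all is a deviation.
        return observed != mean
    return abs(observed - mean) / stdev > threshold


def signature_alert(payload):
    """Signature-based check: names of known patterns found in payload."""
    return sorted(name for name, pat in SIGNATURES.items() if pat in payload)


def classify(baseline, event):
    """Run both detectors over one observation."""
    return {
        "anomaly": anomaly_alert(baseline, event["conn_per_min"]),
        "signature": signature_alert(event["payload"]),
    }


# Constructed events: normal traffic, a volume spike with no known
# pattern, and a known pattern arriving at a normal rate.
EVENTS = [
    {"conn_per_min": 41, "payload": "GET /index.html"},
    {"conn_per_min": 400, "payload": "GET /index.html"},
    {"conn_per_min": 43, "payload": "GET /files?name=../../report.txt"},
]

if __name__ == "__main__":
    baseline = learn_baseline(BASELINE_WINDOW)
    for event in EVENTS:
        print(event, classify(baseline, event))
```

Only the anomaly check fires on the second event and only the signature check fires on the third, which is why the two approaches are treated as distinct IDS types.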


Alease
2 months ago
Yup, anomaly-based is the right answer here.
upvoted 0 times
...
Domonique
2 months ago
Totally agree, that's how it works!
upvoted 0 times
...
Sage
2 months ago
Anomaly-based IDS checks against a baseline.
upvoted 0 times
...
Aja
3 months ago
Sounds too good to be true, but I guess it makes sense!
upvoted 0 times
...
Dolores
3 months ago
Wait, are you sure? I thought it was signature-based.
upvoted 0 times
...
Ammie
3 months ago
I’m confused between C and D. I know signature-based systems look for known threats, but I can't recall if they compare to a baseline.
upvoted 0 times
...
Providencia
3 months ago
I practiced a similar question last week, and I believe it was also about anomaly-based systems. That seems to fit the description best.
upvoted 0 times
...
Vivienne
4 months ago
I'm not entirely sure, but I remember something about network-based IDS being more about traffic analysis rather than baseline comparisons.
upvoted 0 times
...
Hollis
4 months ago
I think the answer might be C, anomaly-based, since it focuses on deviations from a baseline.
upvoted 0 times
...
Chau
4 months ago
This is a straightforward question. Network-based IDS monitors network traffic and compares it to a baseline, so that's the answer I'm going with.
upvoted 0 times
...
Noe
4 months ago
I'm a bit confused by the options here. File-based, anomaly-based, and signature-based all sound like they could be valid IDS types. I'll have to review my notes to make sure I understand the differences.
upvoted 0 times
...
Clay
4 months ago
Okay, I've got this. Network-based IDS compares network traffic to a baseline to detect anomalies. That's the key distinction from the other types. I'm confident that's the right answer.
upvoted 0 times
...
Ivory
4 months ago
Hmm, I'm a little unsure about this one. I know there are different types of IDS, but I can't quite remember the differences between them. I'll have to think this through carefully.
upvoted 0 times
...
Bettina
5 months ago
I think this is asking about the different types of intrusion detection systems. Network-based IDS monitors network traffic, so that's probably the right answer.
upvoted 0 times
...
Lashandra
5 months ago
I disagree, I believe the answer is D) Signature-based.
upvoted 0 times
...
Tijuana
5 months ago
B) Network-based is the way to go. Gotta keep an eye on that internet superhighway, am I right?
upvoted 0 times
...
Samira
5 months ago
Haha, this question is a real network traffic jam! I'm going with D) Signature-based, just like my driving habits.
upvoted 0 times
Floyd
1 month ago
A mix of both could be ideal, but I lean towards C) Anomaly-based too!
upvoted 0 times
...
Hillary
2 months ago
I still prefer D) Signature-based. It’s reliable for known threats.
upvoted 0 times
...
Noah
2 months ago
I’m with you, Tarra! Anomaly-based makes sense for monitoring.
upvoted 0 times
...
Tarra
2 months ago
I think C) Anomaly-based is the right choice. It’s all about detecting unusual patterns!
upvoted 0 times
...
...
Ammie
6 months ago
I think the answer is C) Anomaly-based.
upvoted 0 times
...
Ivette
7 months ago
C) Anomaly-based sounds like the one that monitors the network and looks for deviations from normal patterns. Makes sense to me.
upvoted 0 times
...
Lili
7 months ago
I think the answer is B) Network-based. It monitors network traffic and compares it to a baseline, right?
upvoted 0 times
Tawny
5 months ago
C) Anomaly-based
upvoted 0 times
...
Paris
5 months ago
B) Network-based
upvoted 0 times
...
Dulce
5 months ago
A) File-based
upvoted 0 times
...
...
