Palo Alto Networks Exam PCCET Topic 1 Question 34 Discussion

Actual exam question for Palo Alto Networks's Palo Alto Networks Certified Cybersecurity Entry-level Technician exam
Question #: 34
Topic #: 1

Which classification of IDS/IPS uses a database of known vulnerabilities and attack profiles to identify intrusion attempts?

Suggested Answer: B

A knowledge-based system uses a database of known vulnerabilities and attack profiles to identify intrusion attempts. These types of systems have lower false-alarm rates than behavior-based systems but must be continually updated with new attack signatures to be effective.

A behavior-based system uses a baseline of normal network activity to identify unusual patterns or levels of network activity that may be indicative of an intrusion attempt. These types of systems are more adaptive than knowledge-based systems and therefore may be more effective in detecting previously unknown vulnerabilities and attacks, but they have a much higher false-positive rate than knowledge-based systems.

