Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) — Question 249

How does statistical detection differ from rule-based detection?

Answer options

• A. Statistical detection involves the evaluation of events, and rule-based detection requires an evaluated set of events to function.
• B. Rule-based detection involves the evaluation of events, and statistical detection requires an evaluated set of events to function.
• C. Statistical detection defines legitimate data over time, and rule-based detection works on a predefined set of rules.
• D. Rule-based detection defines legitimate data over a period of time, and statistical detection works on a predefined set of rules.

Correct answer: C

Explanation

The correct answer is C because statistical detection focuses on identifying what is normal behavior over time, while rule-based detection operates based on specific, established rules. The other options confuse the definitions and functionalities of the two detection methods, incorrectly attributing characteristics to each.