Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) — Question 263

An engineer must create a SIEM rule to test events and traffic for spikes and changes that occur in regular patterns to detect irregularities. Which rules achieve the desired results?

Answer options

Correct answer: A

Explanation

The correct answer is A: anomaly detection rules specifically focus on identifying deviations from expected patterns in data. Behavioral rules (B) also analyze patterns, but they are more about user behavior over time. Threshold rules (C) set limits for alerts but do not specifically target irregular patterns, and availability (D) pertains to system uptime rather than event detection.