Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) — Question 52
What is the difference between statistical detection and rule-based detection models?
Answer options
- A. Rule-based detection involves the collection of data in relation to the behavior of legitimate users over a period of time
- B. Statistical detection defines legitimate data of users over a period of time and rule-based detection defines it on an IF/THEN basis
- C. Statistical detection involves the evaluation of an object on its intended actions before it executes that behavior
- D. Rule-based detection defines legitimate data of users over a period of time and statistical detection defines it on an IF/THEN basis
Correct answer: B
Explanation
The correct answer is B: statistical detection establishes patterns of normal behavior over time, while rule-based detection operates on specific IF/THEN criteria. Option A incorrectly describes rule-based detection's function, C does not pertain to the definitions provided, and D reverses the roles of statistical and rule-based detection.