Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) — Question 93
What is a difference between signature-based and behavior-based detection?
Answer options
- A. Signature-based identifies behaviors that may be linked to attacks, while behavior-based has a predefined set of rules to match before an alert.
- B. Behavior-based identifies behaviors that may be linked to attacks, while signature-based has a predefined set of rules to match before an alert.
- C. Behavior-based uses a known vulnerability database, while signature-based intelligently summarizes existing data.
- D. Signature-based uses a known vulnerability database, while behavior-based intelligently summarizes existing data.
Correct answer: B
Explanation
The correct answer is B: behavior-based detection identifies suspicious activity that could indicate an attack, while signature-based detection relies on a set of predefined rules or signatures that must match before an alert is triggered. The other options attribute these characteristics to the wrong detection methods.