CCDE: Cisco Certified Design Expert (Practical) — Question 255
Most security monitoring systems use a signature-based approach to detect threats. In which two instances are systems based on Network Behavior Anomaly Detection better than signature-based systems when it comes to detecting security threat vectors? (Choose two.)
Answer options
- A. malware detection
- B. encrypted threat traffic
- C. spyware detection
- D. intrusion threat detection
- E. new zero-day attacks
Correct answer: D, E
Explanation
Network Behavior Anomaly Detection systems excel at identifying unusual patterns of behavior, which makes them more effective at detecting new zero-day attacks (E) that signature-based systems may not recognize. They are also better suited to intrusion threat detection (D), because they identify deviations from normal network behavior, whereas signature-based systems rely on known threat signatures.