CompTIA Security+ (SY0-501) — Question 271
A security analyst receives a notification from the IDS after working hours, indicating a spike in network traffic. Which of the following BEST describes this type of IDS?
Answer options
- A. Anomaly-based
- B. Stateful
- C. Host-based
- D. Signature-based
Correct answer: A
Explanation
An anomaly-based IDS is designed to identify unusual patterns in traffic that deviate from the norm, which is precisely what the spike in network traffic indicates. In contrast, a stateful IDS monitors the state of active connections, a host-based IDS focuses on individual hosts, and a signature-based IDS relies on known patterns of malicious activity, so it may not detect unexpected spikes.