CompTIA Security+ (SY0-501) — Question 554
An organization plans to transition the intrusion detection and prevention techniques on a critical subnet to an anomaly-based system. Which of the following does the organization need to determine for this to be successful?
Answer options
- A. The baseline
- B. The endpoint configurations
- C. The adversary behavior profiles
- D. The IPS signatures
Correct answer: A
Explanation
To implement an anomaly-based system effectively, the organization must first determine the baseline, which represents the normal behavior of network traffic. The system flags deviations from this baseline as potential threats. The other options (endpoint configurations, adversary behavior profiles, and IPS signatures) are not directly relevant to establishing what is considered normal activity for anomaly detection.