CompTIA Security+ (SY0-701) — Question 489

A security analyst notices unusual behavior on the network. The IDS on the network was not able to detect the activities. Which of the following should the security analyst use to help the IDS detect such attacks in the future?

Answer options

• A. Signatures
• B. Trends
• C. Honeypot
• D. Reputation

Correct answer: A

Explanation

Using signatures is essential for an IDS because they define known attack patterns, allowing the system to recognize and respond to similar threats in the future. Trends, honeypots, and reputation systems may provide insights or additional security layers, but they do not directly improve the IDS's ability to detect specific attack signatures.