EMC Proven Professional – Technology Architect — Question 2

Which technique of an intrusion detection and prevention system relies on a database that contains known attack patterns, and scans events against it?

Answer options

• A. Signature-based detection
• B. Anomaly-based detection
• C. Device-based detection
• D. Plug-in-based detection

Correct answer: A

Explanation

The correct answer is A, as signature-based detection specifically utilizes a database of known attack patterns to identify threats. Options B, C, and D do not rely on a predefined database of attack signatures; instead, B focuses on deviations from normal behavior, while C and D refer to different approaches that are not related to known attack patterns.