Certified Network Defender (CND) — Question 42

Which of the following intrusion detection techniques observes the network for abnormal usage patterns by determining the performance parameters for regular activities and monitoring for actions beyond the normal parameters?

Answer options

• A. Statistical anomaly detection
• B. Signature/Pattern matching
• C. None of these
• D. Stateful protocol analysis

Correct answer: A

Explanation

The correct answer, Statistical anomaly detection, identifies deviations from established performance metrics, making it effective for spotting unusual patterns. Signature/Pattern matching focuses on known threats and doesn't analyze performance parameters. Stateful protocol analysis examines the state of network connections rather than monitoring for abnormal usage patterns, and 'None of these' is not applicable as there is a valid answer.