Certified SOC Analyst (CSA) — Question 49
Which of the following event detection techniques uses User and Entity Behavior Analytics (UEBA)?
Answer options
- A. Rule-based detection
- B. Heuristic-based detection
- C. Anomaly-based detection
- D. Signature-based detection
Correct answer: C
Explanation
Anomaly-based detection is the correct answer because it identifies patterns of behavior that deviate from the norm, which is the essence of UEBA. The other techniques (rule-based, heuristic-based, and signature-based detection) do not focus on behavior analysis; instead, they rely on predefined rules, heuristics, or known signatures to identify threats.