Certified Ethical Hacker (CEH v10) — Question 15
Which of the following options represents a conceptual characteristic of an anomaly-based IDS over a signature-based IDS?
Answer options
- A. Produces fewer false positives
- B. Can identify unknown attacks
- C. Requires vendor updates for a new threat
- D. Cannot deal with encrypted network traffic
Correct answer: B
Explanation
The correct answer is B because an anomaly-based IDS can recognize unusual patterns that may indicate unknown attacks, whereas a signature-based IDS relies on predefined attack signatures. Options A, C, and D are incorrect: anomaly-based systems typically produce more false positives (A), do not require constant vendor updates for every new threat (C), and can sometimes handle encrypted traffic depending on their implementation (D).