CISSP – Information Systems Security Architecture Professional (ISSAP) — Question 84
Which of the following intrusion detection systems (IDS) monitors network traffic and compares it against an established baseline?
Answer options
- A. Network-based
- B. Anomaly-based
- C. File-based
- D. Signature-based
Correct answer: B
Explanation
The correct answer is B, because an anomaly-based IDS looks specifically for deviations from a known baseline of normal behavior in network traffic. Options A, C, and D do not focus on monitoring traffic against a baseline: a network-based IDS monitors general traffic, a file-based IDS checks file integrity, and a signature-based IDS looks for known attack signatures.