Systems Security Certified Practitioner (SSCP) — Question 71
Which conceptual approach to intrusion detection systems is the most common?
Answer options
- A. Behavior-based intrusion detection
- B. Knowledge-based intrusion detection
- C. Statistical anomaly-based intrusion detection
- D. Host-based intrusion detection
Correct answer: B
Explanation
The correct answer is B, as knowledge-based intrusion detection systems rely on predefined patterns and rules, making them the most common approach. Options A and C focus on behavioral and statistical methods, respectively, which are less prevalent. Option D refers to a specific type of detection that operates at the host level but doesn't represent the most common conceptual approach.