Palo Alto Networks Cybersecurity Entry-Level Technician (PCCET) — Question 118

Which type of IDS/IPS uses a baseline of normal network activity to identify unusual patterns or levels of network activity that may be indicative of an intrusion attempt?

Answer options

Correct answer: C

Explanation

The correct answer is C: behavior-based IDS/IPS systems monitor network activity against a baseline of expected behavior to identify anomalies. Knowledge-based (Option A) typically uses predefined rules rather than behavior patterns. Signature-based (Option B) relies on known attack signatures, and database-based (Option D) does not specifically relate to network activity monitoring.