Palo Alto Networks Cybersecurity Entry-Level Technician (PCCET) — Question 123

Which classification of IDS/IPS uses a database of known vulnerabilities and attack profiles to identify intrusion attempts?

Answer options

• A. Statistical-based
• B. Knowledge-based
• C. Behavior-based
• D. Anomaly-based

Correct answer: B

Explanation

The correct answer is B, Knowledge-based, as it utilizes a predefined database of known threats to identify possible intrusions. Options A, C, and D refer to different methodologies that focus on statistical analysis, behavioral patterns, or deviations from normal activity, rather than relying on a database of known vulnerabilities.