CompTIA Security+ Exam Prep

Category - Operations

Kim wants to know of any differences in the baseline environment of her system by learning of any changes in the amount of activity in the system. What would be her best option?
  A. Traffic Anomaly-based IDS
  B. Network Sniffers
  C. Network-based Detection
  D. Host-based Detection
Explanation
Answer: A - Traffic Anomaly-based IDS. Learning of differences from a system's baseline by detecting changes in the amount of activity is exactly what a traffic anomaly-based IDS does. Most behavior-based IDSs include traffic anomaly filters that detect changes in traffic patterns. The sensor first builds a profile that captures the baseline of the environment's ordinary traffic (volumes, rates, protocol mix, time-of-day patterns); all later traffic is then compared against that profile, and activity that deviates beyond a threshold raises an alert. As with any filter, the thresholds are tunable to adjust sensitivity and to trade off false positives against false negatives. Because this is a form of statistical anomaly detection rather than signature matching, it can detect previously unknown attacks. Two practical caveats: the profile must be learned from traffic that is known to be clean, or an attacker already active during the learning period (or one who ramps up slowly) is absorbed into the baseline; and an anomaly alert only says that activity changed, not what the attack is, so it still needs triage. The other options do not fit: a network sniffer captures packets but does not compare them to a learned baseline, and "network-based" and "host-based" describe where a sensor sits, not the detection method it uses.
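The comparison the explanation describes (learn a baseline, score new activity against it, tune the threshold) in working code. This is an added example, not code from the quiz page or from any IDS product; the per-minute connection counts, the z-score scoring and the threshold values are all assumptions chosen for illustration, and a real sensor would feed it counts derived from NetFlow or packet captures instead of the constructed lists below.

```python
"""Traffic-volume anomaly detection against a learned baseline.

Added example (not from the quiz page). Models the idea in the explanation:
profile ordinary activity, compare new activity to the profile, and tune
the threshold. Input is a constructed list of per-minute connection counts.
"""
import statistics
from dataclasses import dataclass

# Constructed training window: 30 minutes of "ordinary" traffic, roughly
# 100 new connections per minute with modest variation. Assumed clean.
TRAINING_COUNTS = [
    98, 104, 101, 97, 110, 95, 103, 99, 106, 100,
    102, 96, 108, 101, 97, 105, 99, 103, 100, 94,
    107, 101, 98, 102, 96, 104, 100, 99, 103, 101,
]

# Constructed observation window: mostly normal, a burst at minutes 4-5
# (a scan or flood, say) and near-silence at minute 8 (a link down, or a
# sensor that stopped reporting). Both directions are worth an alert.
OBSERVED_COUNTS = [101, 99, 105, 97, 480, 610, 103, 100, 3, 102]


@dataclass(frozen=True)
class Profile:
    """Baseline learned from the training window."""
    mean: float
    stdev: float


def build_profile(counts):
    """Learn the baseline: mean and population standard deviation of the
    per-interval counts. Perfectly constant traffic would give a zero
    standard deviation and make every deviation infinite, so a floor of
    1.0 (an assumption) keeps the score well defined."""
    if len(counts) < 2:
        raise ValueError("need at least two intervals to build a profile")
    return Profile(statistics.mean(counts), max(statistics.pstdev(counts), 1.0))


def score(profile, count):
    """Standardised deviation (z-score) of one interval from the baseline."""
    return (count - profile.mean) / profile.stdev


def detect(profile, counts, threshold=3.0):
    """Return (interval_index, count, z) for every interval whose absolute
    z-score exceeds the threshold. Spikes and drops are both reported."""
    return [
        (i, c, round(score(profile, c), 2))
        for i, c in enumerate(counts)
        if abs(score(profile, c)) > threshold
    ]


def false_positive_count(profile, counts, threshold):
    """How many intervals of a known-clean window the threshold would flag.
    Running this over the training data shows what a given threshold costs
    in false positives before it is deployed."""
    return len(detect(profile, counts, threshold))


if __name__ == "__main__":
    profile = build_profile(TRAINING_COUNTS)
    print(f"baseline mean={profile.mean:.1f} stdev={profile.stdev:.2f}")
    for t in (1.0, 2.0, 3.0):
        alerts = detect(profile, OBSERVED_COUNTS, t)
        fps = false_positive_count(profile, TRAINING_COUNTS, t)
        print(f"threshold {t}: alerts={alerts} training false positives={fps}")
```

Lowering the threshold to 1.0 flags the two genuine bursts and the outage but also two ordinary minutes in the observation window and eleven in the clean training window; at 3.0 only the three real anomalies remain. That is the tuning trade-off the explanation refers to, and the reason the training window has to be clean: if the flood minutes were part of `TRAINING_COUNTS`, the standard deviation would balloon and the same flood would later score as normal.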