(ISC)2 Certified in Cybersecurity Practice Exam

What are the two primary detection types for an Intrusion Detection System (IDS)?

• A. Signature Based Detection and Anomaly Base Detection
• B. Heuristic Detection and Behavioral Detection
• C. Malware Detection and Network Traffic Analysis
• D. Baseline Assessment and Risk Analysis

The correct answer is: Signature Based Detection and Anomaly Base Detection

The two primary detection types for an Intrusion Detection System (IDS) are indeed signature-based detection and anomaly-based detection. Signature-based detection works by identifying patterns of known threats. It uses predefined signatures, which are unique strings or sequences of data that match the characteristics of known attacks or malicious behavior. This method is highly effective for detecting specific threats that have already been recognized and cataloged. However, its limitation lies in the fact that it cannot identify new or unknown threats that do not have an existing signature. On the other hand, anomaly-based detection focuses on establishing a baseline of normal activity for a network or system and then identifying deviations from that baseline. This approach allows for the detection of novel or unknown threats, as it looks for patterns that differ from the established normal behavior. It can potentially uncover new types of attacks that signature-based detection might miss, though it may also lead to false positives due to benign variations in normal behavior. The other options do not accurately represent the primary detection types of an IDS. Heuristic and behavioral detection refer to methods that are typically part of a broader security framework but do not categorize the primary detection types of IDS specifically. Similarly, malware detection and network traffic analysis describe functions that may be associated with an IDS but do