(ISC)2 Certified in Cybersecurity Practice Exam

Prepare for the (ISC)2 Certified in Cybersecurity Exam with comprehensive quizzes and extensive question banks. Enhance your skills with detailed explanations and practice tests designed to improve your expertise for the certification exam. Get exam-ready now!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

Which type of malware prevention strategy is most effective against known viruses?

  1. Behavior analysis

  2. Signature detection

  3. Anomaly detection

  4. Heuristic detection

The correct answer is: Signature detection

Signature detection is the most effective strategy against known viruses because it operates by comparing files and programs against a database of known malware signatures—unique strings of data that are characteristic of specific viruses. When a file matches a signature in the database, it can be identified as malicious, enabling immediate response actions such as quarantine or deletion. This method is highly effective for known threats because it relies on established information about malware that has already been cataloged.

Behavior analysis, on the other hand, focuses on identifying malware based on its actions rather than its signature. This strategy is useful for detecting unknown or modified variants of malware but may not be as quick or effective against known viruses that have already been identified.

Anomaly detection monitors system behavior and identifies deviations from established norms, serving well in environments where the baseline behavior is understood. However, this method is less efficient when targeting well-known viruses, as it can lead to false positives and misses the specific signatures of known threats.

Heuristic detection employs rules or algorithms to identify potential threats by examining the code structure or behavior of programs. While it can be useful for detecting new or evolving malware, it may not provide the same level of precision for known viruses as signature detection does, as it operates on assumptions rather than confirmed signatures.