Cisco Exam 200-201 Topic 1 Question 102 Discussion

Actual exam question for Cisco's 200-201 exam

Question #: 102
Topic #: 1

[All 200-201 Questions]

What is a comparison between rule-based and statistical detection?

AStatistical is based on measured data while rule-based uses the evaluated probability approach.

BRule-based Is based on assumptions and statistical uses data Known beforehand.

CRule-based uses data known beforehand and statistical is based on assumptions.

DStatistical uses the probability approach while rule-based Is based on measured data.

Show Suggested Answer

Suggested Answer: C

Rule-based detection methods rely on predefined rules and patterns that are known beforehand. These rules are created based on prior knowledge of what constitutes normal and abnormal behavior.

Statistical detection, on the other hand, involves analyzing data to identify anomalies. It is based on assumptions about what normal behavior looks like and uses statistical methods to detect deviations from this norm.

Rule-based systems are typically straightforward but may miss novel attacks that do not match existing rules.

Statistical methods can detect previously unknown threats by recognizing patterns that deviate from established baselines but may produce more false positives.

Intrusion Detection Systems (IDS) Concepts

Comparative Studies on Rule-based and Statistical Anomaly Detection

Understanding Anomaly Detection in Network Security

by Rocco at Dec 10, 2024, 09:24 AM

Limited Time Offer

25%

Off

Get Premium 200-201 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Lavonda

5 days ago

I think the answer is A.

upvoted 0 times

...