Your company has decided to implement anomaly-based monitoring on your network. You obtain a new server that will perform this monitoring and must ensure that the monitoring is effective. For effective monitoring, what must be in place?
D. Active and passive responses
The correct answer is A.
Anomaly-based monitoring detects changes or deviations from normal network traffic. With this type of monitoring, there is an initial learning period during which a baseline of normal activity is built before any anomalies can be detected. Once the baseline is established, anomaly-based monitoring can detect anomalous behaviors. Sometimes the baseline is established through a manual process.
A database must be in place for signature-based monitoring. Signature-based monitoring watches for intrusions that match a known identity or signature when checked against a database containing the identities of possible attacks; this database is known as the signature database. Signature-based monitoring requires that updates to this database are obtained regularly to ensure its effectiveness.
Rules must be in place for behavior-based monitoring. Behavior-based monitoring looks for behavior that is not allowed and acts accordingly.
Active and passive responses must be in place for network-based monitoring. Network-based monitoring is attached to the network in a place where it can monitor all network traffic. It implements passive and active responses. Passive responses include logging, notification, and shunning. Active responses include terminating processes or sessions, network configuration changes, and deception.
CISSP Certification Prep Course