ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
A security team deploys an anomaly-based network IDS in an AWS VPC to watch traffic from Linux application servers. After one week, the sensor flags a surge of outbound DNS queries from a newly launched EC2 instance, but administrators believe the spike is caused by expected auto-scaling start-up lookups. Which information would best help tune the IDS to suppress these false positives without reducing its ability to detect new attacks?
The latest CVE vulnerability scan results for the instance's operating system and packages
An updated signature pack containing known command-and-control and DNS-tunneling indicators
A historical baseline showing normal traffic rates and patterns for the EC2 instance and similar hosts
A whitelist of TCP and UDP ports that the application is expected to open during operation
Anomaly-based detection engines compare current activity to statistical or behavioral baselines built from previous observations of legitimate traffic. Supplying the IDS with a representative historical baseline-including normal DNS burst patterns during auto-scaling-lets it recognize such activity as expected and avoids false positives while still alerting on truly abnormal behavior. CVE scan results, port whitelists, and signature packs aid other security controls or signature-based IDS but do not give an anomaly engine the frequency or behavioral context it needs.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is an anomaly-based IDS and how does it differ from signature-based IDS?
Open an interactive chat with Bash
Why is a historical baseline important in anomaly-based detection?
Open an interactive chat with Bash
What tools can be used to build a historical traffic baseline in AWS VPC environments?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Network and Communication Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .