2 Books 2 Different Views
I purchased both Darril Gibsons Security+ Get certified get ahead, as well as Exam Cram Security+. In Darril's book Anomaly based and behavior based monitoring is the same. In Exam Cram they are different and the questions are different for each as an example this is the exam cram questions:
1)Which of the following best describes behavior based monitoring?
a)Looks at patterns of access that have been established
b)Looks at the way certain executable files make a computer act
c)Looks for specific byte sequences that appear in attack traffic
d)Looks for traffic behavior that is new or unusual.
2)Which of the following best describes Anomaly based monitoring?
a)Looks at patterns of access that have been established
b)Looks at the way certain executable files make a computer act
c)Looks for specific byte sequences that appear in attack traffic
d)Looks for traffic behavior that is new or unusual.
In the Exam cram book question one is answer B and question two is answer D
In Darrils book they are both the same and one is the other so if an answer has Anomaly but no Behavior option choose anomaly and vice versa.
So i would like to know which one is the correct method and pertains more to the actual exam.
Thanks.
1)Which of the following best describes behavior based monitoring?
a)Looks at patterns of access that have been established
b)Looks at the way certain executable files make a computer act
c)Looks for specific byte sequences that appear in attack traffic
d)Looks for traffic behavior that is new or unusual.
2)Which of the following best describes Anomaly based monitoring?
a)Looks at patterns of access that have been established
b)Looks at the way certain executable files make a computer act
c)Looks for specific byte sequences that appear in attack traffic
d)Looks for traffic behavior that is new or unusual.
In the Exam cram book question one is answer B and question two is answer D
In Darrils book they are both the same and one is the other so if an answer has Anomaly but no Behavior option choose anomaly and vice versa.
So i would like to know which one is the correct method and pertains more to the actual exam.
Thanks.