The Chief Information Security Officer (CISO) for an organization wants to develop custom IDS rulesets faster, prior to new rules being released by IDS vendors.
Which of the following BEST meets this objective?
A. Identify a third-party source for IDS rules and change the configuration on the applicable IDSs to pull in the new rulesets
B. Encourage cybersecurity analysts to review open source intelligence products and threat database to generate new IDS rules based on those sources
C. Leverage the latest TCP- and UDP-related RFCs to arm sensors and IDSs with appropriate heuristics for anomaly detection
D. Use annual hacking conventions to document the latest attacks and threats, and then develop IDS rules to counter those threats
How to PASS CAS-004 in First Attempt?FULL Printable PDF and Software. VALID exam to help you PASS. |
 |
I would also go with C. My problem with B is that the IDS vendors are doing that already. You might develop the custom signatures before the vendor releases them but I doubt you would do so before they would.
Hi Pablo, Do you know anyone who has written recently? or are you writing soon
is it ?
C. Leverage the latest TCP- and UDP-related RFCs to arm sensors and IDSs with appropriate heuristics for anomaly detection
A. Identify – Takes time.
B. Review – Takes time.
C. Heuristics and Anomaly Detection. – Real Time.
D. Document – Takes time.
Faster and before a vendor release. I think the correct answer is C.
i also this C
but why not: B ?