Last Updated on November 21, 2023 by InfraExam
What is the purpose of having a “known-good” profile?
- configure and test NMS tools
- audit remote log locations
- define set of rules that an IDS and an IPS uses to detect typical intrusive activity
- help the security analyst flag anomalies
| Explanation & Hint:
The purpose of having a “known-good” profile is to “help the security analyst flag anomalies.” A “known-good” profile essentially represents a baseline of normal, expected behavior and configurations within a system, network, or application. By understanding what is normal, security analysts can more easily identify deviations from this baseline, which may indicate security incidents, anomalies, or malicious activities. Having a known-good profile is crucial for effective monitoring and quick response to potential threats, as it allows for a more accurate differentiation between benign and potentially harmful activities. |