  • Post last modified:June 12, 2024

Which log analysis method requires a training phase?

  • statistical
  • advanced
  • knowledge-based
  • signature-based
  • anomaly-based
Explanation & Hint:

The log analysis method that requires a training phase is “anomaly-based.”

Anomaly-based log analysis involves creating a baseline of normal activity during the training phase. Then, during operation, it compares new log data against this baseline to identify deviations or anomalies that could indicate suspicious or malicious activities. The effectiveness of anomaly-based analysis depends heavily on the quality and comprehensiveness of the training phase, during which the system learns what normal behavior looks like.
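The train-then-compare cycle described above, as an added example that is not part of the original post: it learns per-user hourly failed-login statistics from a training log, then flags hours that deviate from that baseline. The log format, the z-score threshold, the helper names and all sample data are assumptions constructed for illustration.

```python
import statistics
from collections import Counter, defaultdict

def hourly_counts(lines):
    """Count failed logins per (user, hour) from 'TIMESTAMP USER EVENT' lines."""
    counts = Counter()
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines instead of letting them skew counts
        ts, user, event = parts
        if event == "login_fail":
            counts[(user, ts[:13])] += 1  # bucket key = YYYY-MM-DDTHH
    return counts

def train(lines):
    """Training phase: learn mean and stddev of hourly failures per user."""
    per_user = defaultdict(list)
    for (user, _), n in hourly_counts(lines).items():
        per_user[user].append(n)
    return {u: (statistics.mean(v), statistics.pstdev(v)) for u, v in per_user.items()}

def detect(baseline, lines, z_threshold=3.0, min_std=1.0):
    """Operation phase: compare new log data against the learned baseline."""
    alerts = []
    for (user, bucket), n in sorted(hourly_counts(lines).items()):
        if user not in baseline:
            # Never seen in training: there is no "normal" to compare against.
            alerts.append((user, bucket, n, "no baseline"))
            continue
        mean, std = baseline[user]
        z = (n - mean) / max(std, min_std)  # floor handles a perfectly flat baseline
        if z > z_threshold:
            alerts.append((user, bucket, n, f"z={z:.1f}"))
    return alerts

def make_lines(day, hour, user, fails):
    """Build constructed log lines (hypothetical format, not a real system's)."""
    return [f"2024-06-{day:02d}T{hour:02d}:{m:02d} {user} login_fail" for m in range(fails)]

# Constructed sample data: four training days, then one day of new activity.
TRAINING = [line for d, (a, b) in enumerate([(1, 1), (2, 1), (1, 1), (2, 1)], start=3)
            for line in make_lines(d, 9, "alice", a) + make_lines(d, 9, "bob", b)]
NEW = (make_lines(10, 9, "alice", 2) + make_lines(10, 9, "bob", 9)
       + make_lines(10, 9, "mallory", 1) + ["truncated-line"])

if __name__ == "__main__":
    for alert in detect(train(TRAINING), NEW):
        print(alert)
```

A user who never appears in the training log cannot be scored at all, which is one concrete way the comprehensiveness of the training phase limits what the detector can judge.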
