Which detection method is described as identifying threats by deviations from established baselines in network behavior?

• A. Signature-based detection
• B. NBAD
• C. Behavioral-based detection
• D. Anomaly-based detection

Answer: (C)

The idea being tested is modeling normal network activity and flagging when things drift away from that normal baseline. This is behavioral-based detection: it analyzes how the network typically behaves and looks for deviations in traffic patterns, timings, or usage that suggest something unusual or malicious. Because many threats don’t match any known signature, focusing on behavior and deviations allows detection of unknown or zero-day attacks that signatures might miss. While signature-based detection relies on known patterns and anomaly-based approaches (often used interchangeably with detecting deviations) describe the broader concept of unusual activity, the description here aligns most directly with how behavioral-based detection operates—watching for deviations from established behavioral baselines.