Question

What is anomaly-based detection? An event that does not trigger an alarm but should have because the traffic or event is abnormal and/or malicious. An event that triggers an alarm but should not have because the traffic or event is benign. A notification from a firewall that a specific event or packet was detected. A form of intrusion detection system/intrusion prevention system (IDS/ IPS) based on a defined normal, often defined using rules similar to firewall rules.

Answer 1

The last option is correct.

Step-by-step explanation:

IDPs employing anomaly-based detection provide identities that reflect the usual manner among customers, servers, network links, or apps. This is the method of evaluating conceptions about what operation has been assumed usually to incidents experienced to recognize important deviations.

So, it's an IPS / IDS type dependent on such a given standard, mostly specified by firewall-like laws.

Thus, the following are the reasons that specify the other options are not relevant according to the scenario.