Which analysis detects attack patterns across multiple packets, such as ICMP floods?

Prepare for the EC-Council Network Defense Essentials (NDE) Exam. Use our resources like flashcards and multiple-choice questions with hints and explanations to excel. Boost your readiness today!

Multiple Choice

Which analysis detects attack patterns across multiple packets, such as ICMP floods?

Explanation:
Detecting attack patterns that unfold over several packets relies on correlating evidence across time rather than inspecting a single packet in isolation. Content-based signature analysis examines the payload of one packet, so it can miss floods in which the packet data itself is not suspicious. Atomic-signature-based analysis looks for a specific, isolated pattern within a single packet, which does not capture the broader behavior of a flood. Context-based signature analysis considers the surrounding session context, which helps but may still miss a coordinated surge that only becomes visible when many packets are correlated. Composite-signature-based analysis, by contrast, combines multiple indicators across many packets (such as an unusual ICMP rate, repeated echo-request patterns, timing relationships, and the distribution of source addresses) to reveal the attack as a whole. That correlation across traffic makes it the most effective method for detecting multi-packet attack patterns like ICMP floods.