Which combination of techniques is commonly used by IDS for detection?

• A. Signature file comparison; Anomaly detection; Stateful protocol analysis
• B. Stateful protocol analysis; Anomaly detection
• C. Signature file comparison; Firewall rules
• D. Anomaly detection; Firewall rules

Answer: (A)

IDS detection relies on multiple techniques to catch different kinds of threats: signature-based detection uses a database of known attack patterns to flag exact matches; anomaly detection looks for deviations from established normal behavior, catching novel or stealthy activity; and stateful protocol analysis inspects the correct sequencing and state transitions within network protocols to reveal misuse that might slip past simple pattern checks. Using all three together provides broad coverage: known exploits can be quickly identified via signatures, unusual activity can be flagged even if it isn’t a known pattern, and protocol-aware analysis can detect abuse of how a protocol should operate. The other options lean on firewall rules or omit signature-based detection, which are not as comprehensive for IDS detection.