Network Defense Essentials (NDE) 2026 – 400 Free Practice Questions to Pass the Exam


Which type of attack signature analysis requires analyzing a series of packets over a long period of time?

Atomic-signature-based analysis

Composite-signature-based analysis

Composite-signature-based analysis is correct because it examines patterns and signatures that emerge over time, which typically requires analyzing packets over a longer period. This type of analysis combines various lower-level signatures to identify more complex or coordinated attack behaviors that may not be apparent in isolated incidents.

In composite analysis, the system looks for specific sequences or trends in packet data that indicate a sophisticated attack. This can include detecting multi-stage attacks, where the initial phase may not trigger any alerts but the subsequent actions reveal malicious intent when viewed over a longer timeframe. Hence, it is essential for identifying more advanced persistent threats (APTs) that take time to unfold.

Other types of signature analysis, such as atomic or content-based, typically focus on single packets or specific payload characteristics rather than a longer-term examination of packet interactions. Protocol-based analysis may involve looking at the behavior of protocols, but it doesn't have the same emphasis on analyzing a lengthy sequence of packets as composite analysis does.


Content-based signature analysis

Protocol-based signature analysis
