ISC2 CISSP Practice Question

The correct answer is Behavioral analysis using unsupervised learning algorithms. When dealing with unknown malware variants (zero-day threats), traditional signature-based systems fail because they rely on known patterns. Behavioral analysis using unsupervised learning algorithms is particularly effective for this scenario because:

1. It focuses on detecting anomalous behaviors rather than known signatures
2. Unsupervised learning can identify patterns and anomalies without requiring pre-labeled training data
3. It can detect novel threats based on deviations from normal behavior patterns

While supervised learning can be effective for many security applications, it requires extensive labeled training data of known malware, which isn't available for truly novel threats. Rule-based systems enhanced with neural networks still depend partially on predefined rules that unknown malware can evade. Natural language processing for threat intelligence is valuable but primarily helps with processing and analyzing threat reports rather than directly detecting unknown malware in systems.