Which three of the following statements are true about network behavior anomaly detection? (Choose three.)
A . It can enable an analyst to quickly track down malicious activities on the network by identifying abnormal network traffic conditions.
B . It requires very little computational overhead.
C . It works effectively as long as the baseline covers a 24-hour period.
D . It works by comparing a known state of normal traffic to current traffic flows.
E . Its validity and usefulness can be impaired if the size of the sliding window is not set appropriately.
F . It works by searching network traffic for a series of bytes or packet sequences that are known to be malicious.
Answer: ADE