In the architecture of modern security, Artificial Intelligence (AI) and Machine Learning (ML) are
leveraged to move beyond reactive, signature-based defenses. One of the most significant uses of AI
in securing network infrastructure is the detection of zero-day attacks (often referred to in exam
contexts as "day zero" attacks). A zero-day attack exploits a vulnerability that is unknown to the
software vendor or the public, meaning no signature exists for traditional firewalls or antivirus
software to block it.
AI identifies these threats through behavioral analysis and anomaly detection. By establishing a
highly granular baseline of "normal" network traffic patterns—including flow direction, packet size,
inter-packet arrival times, and protocol behavior—AI models can detect subtle deviations that
indicate a malicious exploit. For example, Cisco Secure Network Analytics (formerly Stealthwatch)
and Encrypted Threat Analytics (ETA) use ML to identify the cryptographic "fingerprints" of malware
even within encrypted traffic, without the need for decryption. This allows the security infrastructure
to identify and mitigate threats at the moment they appear, rather than waiting for a vendor to
release a signature. While load balancing (Option B), traffic shaping (Option C), and Quality of Service
(Option D) are critical for network performance and availability, they are traditional traffic
engineering functions that do not inherently provide the advanced threat detection capabilities
offered by AI-driven security models. Within the Cisco SDSI objectives, AI is positioned as the
primary technology for achieving proactive visibility and reducing the "Mean Time to Detect" (MTTD)
for previously unseen vulnerabilities.
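The baseline-and-deviation approach described above, as an added illustration that is not Cisco's code or any product's algorithm: a per-feature baseline (packet size, inter-packet arrival time, share of bytes leaving the host as a proxy for flow direction) is fitted from a handful of constructed flow records, and a new flow is scored by its distance from that baseline in standard-deviation units. The feature set, the sample values and the threshold are assumptions made for the example.

```python
import math
from statistics import mean, pstdev

# Features modelled on the ones the text names: packet size, inter-packet
# arrival time, and direction expressed as the share of bytes leaving the host.
FEATURES = ("pkt_size", "iat_ms", "out_ratio")

# Constructed baseline of "normal" flows for one host (not real captures).
BASELINE = [
    {"pkt_size": 620, "iat_ms": 42.0, "out_ratio": 0.18},
    {"pkt_size": 580, "iat_ms": 38.5, "out_ratio": 0.21},
    {"pkt_size": 655, "iat_ms": 45.2, "out_ratio": 0.17},
    {"pkt_size": 601, "iat_ms": 40.8, "out_ratio": 0.19},
    {"pkt_size": 634, "iat_ms": 43.9, "out_ratio": 0.20},
    {"pkt_size": 598, "iat_ms": 39.6, "out_ratio": 0.16},
]

def fit_baseline(flows):
    """Per-feature mean and standard deviation. The std is floored so a
    near-constant feature cannot turn tiny jitter into a huge z-score."""
    model = {}
    for f in FEATURES:
        vals = [flow[f] for flow in flows]
        mu = mean(vals)
        sigma = max(pstdev(vals), 1e-3 * max(abs(mu), 1.0))
        model[f] = (mu, sigma)
    return model

def anomaly_score(model, flow):
    """Root-sum-of-squares of per-feature z-scores: distance from the baseline
    in standard-deviation units. Treats the features as roughly independent."""
    return math.sqrt(sum(((flow[f] - model[f][0]) / model[f][1]) ** 2
                         for f in FEATURES))

def classify(model, flow, threshold=4.0):
    """Return (is_anomalous, score). The threshold is an assumed tuning value;
    in practice it is set from the false-positive rate the SOC can absorb."""
    score = anomaly_score(model, flow)
    return score > threshold, score

if __name__ == "__main__":
    model = fit_baseline(BASELINE)
    # One flow that resembles the baseline, and one constructed flow that
    # departs from it on every feature at once.
    samples = [("normal", {"pkt_size": 612, "iat_ms": 41.0, "out_ratio": 0.19}),
               ("suspect", {"pkt_size": 96, "iat_ms": 1000.0, "out_ratio": 0.97})]
    for label, flow in samples:
        flagged, score = classify(model, flow)
        print(f"{label}: score={score:.1f} anomalous={flagged}")
```

A baseline fitted while the host was already compromised would absorb that activity as "normal", which is why the learning window is chosen and reviewed rather than taken blindly.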