210-255 · Question #127
Which signature type results in a legitime alert been dismissed?
The correct answer is B. False negative. A false negative occurs when a real threat is not detected, causing a legitimate alert to be silently dismissed or never raised.
Question
Which signature type results in a legitime alert been dismissed?
Options
- ATrue negative
- BFalse negative
- CTrue Positive
- DFalse Positive
How the community answered
(54 responses)- A2% (1)
- B91% (49)
- C2% (1)
- D6% (3)
Why each option
A false negative occurs when a real threat is not detected, causing a legitimate alert to be silently dismissed or never raised.
A true negative correctly identifies a benign event as non-threatening, which is the desired accurate outcome and involves no alert at all.
A false negative means the detection system fails to fire on a genuine malicious event - the threat is real but the signature or rule does not match it, so no alert is generated and the incident goes uninvestigated. This is considered the most dangerous outcome in security monitoring because defenders are unaware an attack is occurring.
A true positive correctly fires an alert on a real threat, which is the ideal detection outcome and results in a valid alert being acted upon, not dismissed.
A false positive incorrectly fires an alert on a benign event, which produces noise but does not cause a legitimate threat to be missed.
Concept tested: False negative detection in security monitoring
Source: https://csrc.nist.gov/glossary/term/false_negative
Topics
Community Discussion
No community discussion yet for this question.