nerdexam
Cisco

210-255 · Question #127

Which signature type results in a legitime alert been dismissed?

The correct answer is B. False negative. A false negative occurs when a real threat is not detected, causing a legitimate alert to be silently dismissed or never raised.

Security Monitoring

Question

Which signature type results in a legitime alert been dismissed?

Options

  • ATrue negative
  • BFalse negative
  • CTrue Positive
  • DFalse Positive

How the community answered

(54 responses)
  • A
    2% (1)
  • B
    91% (49)
  • C
    2% (1)
  • D
    6% (3)

Why each option

A false negative occurs when a real threat is not detected, causing a legitimate alert to be silently dismissed or never raised.

ATrue negative

A true negative correctly identifies a benign event as non-threatening, which is the desired accurate outcome and involves no alert at all.

BFalse negativeCorrect

A false negative means the detection system fails to fire on a genuine malicious event - the threat is real but the signature or rule does not match it, so no alert is generated and the incident goes uninvestigated. This is considered the most dangerous outcome in security monitoring because defenders are unaware an attack is occurring.

CTrue Positive

A true positive correctly fires an alert on a real threat, which is the ideal detection outcome and results in a valid alert being acted upon, not dismissed.

DFalse Positive

A false positive incorrectly fires an alert on a benign event, which produces noise but does not cause a legitimate threat to be missed.

Concept tested: False negative detection in security monitoring

Source: https://csrc.nist.gov/glossary/term/false_negative

Topics

#false negative#IDS signatures#alert classification#detection accuracy

Community Discussion

No community discussion yet for this question.

Full 210-255 Practice