Cisco

210-255 Question #127: Real Exam Question with Answer & Explanation

The correct answer is B: False negative. A false negative occurs when a real threat is not detected, causing a legitimate alert to be silently dismissed or never raised.

Security Monitoring

Question

Which signature type results in a legitimate alert being dismissed?

Options

  • A. True negative
  • B. False negative
  • C. True Positive
  • D. False Positive

Explanation

A false negative occurs when a real threat is not detected, causing a legitimate alert to be silently dismissed or never raised.

Common mistakes.

  • A. A true negative correctly identifies a benign event as non-threatening, which is the desired accurate outcome and involves no alert at all.
  • C. A true positive correctly fires an alert on a real threat, which is the ideal detection outcome and results in a valid alert being acted upon, not dismissed.
  • D. A false positive incorrectly fires an alert on a benign event, which produces noise but does not cause a legitimate threat to be missed.

Concept tested. False negative detection in security monitoring

Reference. https://csrc.nist.gov/glossary/term/false_negative

Topics

#false negative #IDS signatures #alert classification #detection accuracy
