312-50V10 · Question #529
A recent security audit revealed that there were indeed several occasions that the company's network was breached. After investigating, you discover that your IDS is not configured properly and theref
The correct answer is B. False Negative. When an IDS fails to trigger alarms during actual intrusions, it is producing false negatives - real attacks are occurring but the system is not detecting them.
Question
A recent security audit revealed that there were indeed several occasions that the company's network was breached. After investigating, you discover that your IDS is not configured properly and therefore is unable to trigger alarms when needed. What type of alert is the IDS giving?
Options
- ATrue Positive
- BFalse Negative
- CFalse Positive
- DFalse Positive
How the community answered
(31 responses)- A3% (1)
- B90% (28)
- D6% (2)
Why each option
When an IDS fails to trigger alarms during actual intrusions, it is producing false negatives - real attacks are occurring but the system is not detecting them.
A true positive means the IDS correctly detected and alerted on a real attack, which is the opposite of what occurred since no alarms were triggered during confirmed breaches.
A false negative occurs when a security control fails to detect a genuine threat event. Since the network was actually breached but the misconfigured IDS never triggered alarms, it was silently missing real attacks - the definition of a false negative, where the system reports 'no threat' when a threat is present.
A false positive means the IDS generated an alert on benign activity that was not an attack, which is the inverse problem - over-alerting rather than under-alerting.
This choice is a duplicate of C and is incorrect for the same reason - a false positive is an erroneous alert on non-malicious activity, not a failure to detect real intrusions.
Concept tested: IDS alert classification - false negative identification
Source: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-94.pdf
Topics
Community Discussion
No community discussion yet for this question.