312-50V11 · Question #236
When analyzing the IDS logs, the system administrator noticed an alert was logged when the external router was accessed from the administrator's Computer to update the router configuration. What type
The correct answer is D. False positive. When an IDS flags a legitimate administrative action as malicious, it produces a false positive alert.
Question
When analyzing the IDS logs, the system administrator noticed an alert was logged when the external router was accessed from the administrator's Computer to update the router configuration. What type of an alert is this?
Options
- AFalse negative
- BTrue negative
- CTrue positive
- DFalse positive
How the community answered
(64 responses)- A2% (1)
- B2% (1)
- C5% (3)
- D92% (59)
Why each option
When an IDS flags a legitimate administrative action as malicious, it produces a false positive alert.
A false negative occurs when the IDS fails to detect an actual attack, resulting in no alert being generated for genuine malicious activity.
A true negative occurs when the IDS correctly refrains from generating an alert for a legitimate, non-malicious activity, meaning the system behaved correctly.
A true positive occurs when the IDS correctly identifies and alerts on an actual, confirmed malicious event or real attack.
A false positive occurs when an IDS generates a security alert for an activity that is actually legitimate and authorized. Because the administrator was performing a sanctioned task - updating the router configuration - and the IDS incorrectly classified this normal activity as a threat, the alert is definitively a false positive, not an indication of a real attack.
Concept tested: IDS alert classification and false positive identification
Source: https://learn.microsoft.com/en-us/azure/defender-for-cloud/alerts-overview
Topics
Community Discussion
No community discussion yet for this question.