EC-Council

312-50V9 · Question #399

312-50V9 Question #399: Real Exam Question with Answer & Explanation

The correct answer is B: False Negative. When an IDS fails to trigger an alarm during an actual attack, it produces a false negative - a missed detection of a real threat.

Question

A recent security audit revealed that there were indeed several occasions that the company's network was breached. After investigating, you discover that your IDS is not configured properly and therefore is unable to trigger alarms when needed. What type of alert is the IDS giving?

Options

  • A. True Positive
  • B. False Negative
  • C. False Positive
  • D. False Positive

Explanation

When an IDS fails to trigger an alarm during an actual attack, it produces a false negative - a missed detection of a real threat.

Common mistakes.

  • A. A true positive means the IDS correctly identified and alerted on a real attack, which did not happen here since the IDS failed to trigger.
  • C. A false positive means the IDS fired an alarm when no real threat existed, which is the opposite of what occurred - here the IDS stayed silent during real breaches.
  • D. Duplicate of choice C - a false positive is an alert triggered on a benign event, not a missed detection of a real attack.

Concept tested. IDS alert classification - false negative detection failure

Reference. https://csrc.nist.gov/publications/detail/sp/800-94/final
