
GSEC Question #195: Real Exam Question with Answer & Explanation

The correct answer is B. False positive. In IDS terminology, a false positive occurs when the system generates an alarm despite no actual threat or anomaly being present.

Question

When no anomaly is present in an Intrusion Detection System, but an alarm is generated, the response is known as:

Options

  • A. False negative
  • B. False positive
  • C. True positive
  • D. True negative

Explanation

In IDS terminology, a false positive occurs when the system generates an alarm despite no actual threat or anomaly being present.

Common mistakes.

  • A. A false negative is the opposite scenario - a real threat or anomaly is present, but the IDS fails to detect it and generates no alarm.
  • C. A true positive means an anomaly is genuinely present and the IDS correctly fires an alarm, which is the desired detection outcome.
  • D. A true negative means no anomaly is present and the IDS correctly generates no alarm, representing accurate normal-traffic classification.

Concept tested. IDS detection accuracy - false positive classification

Reference. https://csrc.nist.gov/glossary/term/false_positive
