CompTIA
SY0-301 Question #339: Real Exam Question with Answer & Explanation
The correct answer is C: False positives.
Question
Ann, a security technician, is reviewing the IDS log files. She notices a large number of alerts for multicast packets from the switches on the network. After investigation, she discovers that this is normal activity for her network. Which of the following BEST describes these results?
Options
- A. True negatives
- B. True positives
- C. False positives
- D. False negatives
Explanation
When the IDS generates alerts for traffic that is actually legitimate (normal multicast), those alerts are false positives - the system incorrectly identified benign activity as malicious.
Common mistakes
- A. A true negative means the system correctly identified traffic as benign and did not generate an alert; in this scenario, alerts were generated, so it cannot be a true negative.
- B. A true positive means the system correctly identified actual malicious activity and generated a valid alert; this traffic was confirmed to be normal and not an attack.
- D. A false negative means the system failed to detect actual malicious activity and generated no alert; in this scenario, alerts were generated (not missed), so it is not a false negative.
Concept tested: IDS false positive identification in alert analysis
Reference: https://csrc.nist.gov/glossary/term/false_positive