Which of the following occurs when an IDS or IPS does not identify malicious traffic that enters the network?
(Select the best answer.)
A. a false positive
B. a false negative
C. a true positive
D. a true negative
Explanation:
A false negative occurs when an intrusion detection system (IDS) or intrusion prevention system (IPS) does not
identify malicious traffic that enters the network. False negatives can often lead to disastrous network security
problems. To properly secure a network, you should reduce the number of false negatives as much as possible
by fine-tuning IDS and IPS rules, even if more false positives are reported. Penetration testing can help
determine when an IDS or IPS is not detecting a genuine attack.
A false positive occurs when an IDS or IPS identifies nonmalicious traffic as malicious. Tuning must be
performed to minimize the number of false positives while eliminating false negatives. Not only can too many
false positives overburden a router, they can also overburden a network administrator because false positives
must usually be verified as harmless.
A true positive occurs when an IDS or IPS correctly identifies malicious traffic as malicious. For instance, a true
positive occurs when a virus or an attack is identified and the appropriate action is taken.
A true negative occurs when an IDS or IPS correctly identifies harmless traffic as harmless. For example, a true
negative occurs when an administrator correctly enters a password or when Hypertext Transfer Protocol
(HTTP) traffic is sent to a web server.
Cisco: Cisco Secure IPS Excluding False Positive Alarms: False Positive and False Negative Alarms