The IPS on your company’s network is blocking normal web traffic.
Which of the following best describes what the IPS has identified? (Select the best answer.)
A. a false positive
B. a false negative
C. a true positive
D. a true negative
Explanation:
The intrusion prevention system (IPS) has identified a false positive. A false positive occurs when an intrusion
detection system (IDS) or an IPS identifies nonmalicious traffic as malicious. Tuning must be performed to
minimize the number of false positives while eliminating false negatives. Not only can too many false positives
overburden a device, they can also overburden a network administrator because false positives must usually be
verified as harmless.
A false negative occurs when an IDS or IPS does not identify malicious traffic that enters the network. False
negatives can often lead to disastrous network security problems. To properly secure a network, you should
reduce the number of false negatives as much as possible by fine-tuning IDS and IPS rules, even if more false
positives are reported. Penetration testing can help determine when an IDS or IPS is not detecting a genuine
attack.
A true positive occurs when an IDS or IPS correctly identifies malicious traffic as malicious. For instance, a true
positive occurs when a virus or an attack is identified and the appropriate action is taken.
A true negative occurs when an IDS or IPS correctly identifies harmless traffic as harmless. For example, a true
negative occurs when an administrator correctly enters a password or when Hypertext Transfer Protocol
(HTTP) traffic is sent to a web server.
Cisco: Cisco Secure IPS Excluding False Positive Alarms: False Positive and False Negative Alarms