What is he referencing?

An administrator claims he is receiving too many false positives on his IDS system. What is he referencing?

A. Alarms detected and logged by IDS.

B. Alarms detected by IDS and not acted upon.

C. Alarms caused by illegitimate traffic or activities.

D. Alarms caused by legitimate traffic or activities.

Explanation:
False positives are defined as alarms caused by legitimate traffic or activity.
False negatives are attacks that the IDS system fails to see.
Reference: SAFE white papers, page 8
SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks


