A false negative occurs when the security system (usually a WAF) fails to identify a threat.
It produces a “negative” outcome (meaning that no threat has been observed), even though a threat exists.
This is the opposite of a false positive alarm,
where a system mistakenly identifies legitimate traffic as being hostile.
I would answer - false negative
False Positive - Incorrectly classified as positive
True Positive - Correctly classified as positive
False Negative - Incorrectly classified as Negative
True Negative - Correctly classified as Negative
In this case, the legitimate alert was "incorrectly classified as negative".
The correct answer is C. false positive.
When an analyst discovers that a legitimate security alert has been dismissed, it indicates a false positive.
A false positive occurs when a security system or tool generates an alert or indicates a security incident that is not actually malicious or threatening. In this case, the dismissed alert was mistakenly considered as a non-threatening event, leading to the legitimate security alert being ignored or overlooked.
A false negative occurs when a system fails to identify a threat, producing a negative outcome even though a threat exists... the system didn't fail to identify a threat.
A false positive occurs when a system mistakenly identifies legitimate traffic as being hostile... the system didn't mistakenly identify legitimate traffic as being hostile; it's a legitimate security alert.
A true negative security alert refers to a situation where an alert has not been generated when a specific activity has occurred (i.e., a threat)... the system didn't fail to generate an alert. It was dismissed.
A true positive security alert refers to a legitimate attack that triggers an alarm... a legitimate alert was generated... and the only 'thing' (signature) that could cause this would be a true positive.
An analyst discovers that a LEGITIMATE security alert (true positive) has been dismissed... someone dismissed a legitimate alert... IMO, A, B and C are incorrect. I'm going with D.
negative means: there is no alert.
false negative means: the "no alert" is false > a legitimate security alert has been dismissed
therefore the correct answer is B
To understand it, think of it like this:
- positive: there is alert triggered:
1- true positive: true alert > there is a threat
2- false positive: false alert > no actual threat
- negative: there is no alert triggered:
1- true negative: true "no alert" > there is no threat
2- false negative: false "no alert" > there is a threat
The correct answer is B.
A false negative occurs when a security alert is missed or dismissed, allowing malicious traffic to go unnoticed. In this case, the analyst discovered that a legitimate security alert was dismissed, indicating that a threat was present but was not detected by the system. Therefore, the impact on network traffic was a false negative.
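The four-cell breakdown above (alert fired or not, threat present or not) is easy to check mechanically, and it also makes the disputed point concrete: a dismissed alert is a true positive at the detector but behaves as a false negative once triage is taken into account. The following Python is an added illustration, not code from the original discussion or from any product; the event records, the `Event`/`classify`/`confusion_matrix` names and the two "stages" are assumptions made here for the example.

```python
from __future__ import annotations

from dataclasses import dataclass
from typing import Iterable

# Constructed sample telemetry (not real data). Each event carries the ground
# truth (was it actually malicious?), whether the detector raised an alert,
# and whether an analyst dismissed that alert during triage.
@dataclass(frozen=True)
class Event:
    event_id: str
    malicious: bool          # ground truth
    alert_raised: bool       # did the WAF/IDS fire on it?
    dismissed: bool = False  # did an analyst close the alert as benign?


def classify(alert_raised: bool, malicious: bool) -> str:
    """Map one (alert, ground-truth) pair to its confusion-matrix cell."""
    if alert_raised:
        return "TP" if malicious else "FP"
    return "FN" if malicious else "TN"


def effective_alert(ev: Event) -> bool:
    """An alert that an analyst dismissed produces no response downstream,
    so at the pipeline level it behaves as if no alert had been raised."""
    return ev.alert_raised and not ev.dismissed


def confusion_matrix(events: Iterable[Event], stage: str) -> dict[str, int]:
    """Count TP/FP/TN/FN either as the detector saw them ("detector") or
    after analyst triage has been applied ("pipeline")."""
    if stage not in ("detector", "pipeline"):
        raise ValueError("stage must be 'detector' or 'pipeline'")
    counts = {"TP": 0, "FP": 0, "TN": 0, "FN": 0}
    for ev in events:
        raised = ev.alert_raised if stage == "detector" else effective_alert(ev)
        counts[classify(raised, ev.malicious)] += 1
    return counts


def recall(m: dict[str, int]) -> float:
    """Share of real threats that produced an (effective) alert."""
    threats = m["TP"] + m["FN"]
    return m["TP"] / threats if threats else 0.0


def precision(m: dict[str, int]) -> float:
    """Share of (effective) alerts that were real threats."""
    alerts = m["TP"] + m["FP"]
    return m["TP"] / alerts if alerts else 0.0


# Constructed sample: one event of each kind, plus two dismissed alerts.
SAMPLE = [
    Event("e1", malicious=True,  alert_raised=True),                  # TP
    Event("e2", malicious=False, alert_raised=True),                  # FP
    Event("e3", malicious=False, alert_raised=False),                 # TN
    Event("e4", malicious=True,  alert_raised=False),                 # FN (detector missed it)
    Event("e5", malicious=True,  alert_raised=True, dismissed=True),  # TP at detector, FN after triage
    Event("e6", malicious=False, alert_raised=True, dismissed=True),  # FP at detector, TN after triage
]

if __name__ == "__main__":
    for stage in ("detector", "pipeline"):
        m = confusion_matrix(SAMPLE, stage)
        print(f"{stage:9s} {m}  recall={recall(m):.2f} precision={precision(m):.2f}")
```

Running it shows recall dropping from 2/3 to 1/3 between the two stages: the detector did its job on e5, but the dismissal converted that true positive into a false negative for the organisation, which is the reading most of the thread lands on. The same table shows that dismissing e6 (a genuine false positive) is correct triage and turns it into a true negative.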