A false negative occurs when the security system (usually a WAF) fails to identify a threat. It produces a “negative” outcome (meaning that no threat has been observed), even though a threat exists. This is the opposite of a false positive alarm, where a system mistakenly identifies legitimate traffic as being hostile.
I would answer - false negative
False Positive - incorrectly classified as positive
True Positive - correctly classified as positive
False Negative - incorrectly classified as negative
True Negative - correctly classified as negative
In this case, the legitimate alert was "incorrectly classified as negative".
The correct answer is C. false positive.
When an analyst discovers that a legitimate security alert has been dismissed, it indicates a false positive.
A false positive occurs when a security system or tool generates an alert or indicates a security incident that is not actually malicious or threatening. In this case, the dismissed alert was mistakenly considered a non-threatening event, leading to the legitimate security alert being ignored or overlooked.
A false negative occurs when a system fails to identify a threat, producing a negative outcome even though a threat exists... the system didn't fail to identify a threat.
A false positive occurs when a system mistakenly identifies legitimate traffic as being hostile... the system didn't mistakenly identify legitimate traffic as being hostile; it's a legitimate security alert.
A true negative security alert refers to a situation where an alert has not been generated when a specific activity has occurred (i.e. a threat)... the system didn't fail to generate an alert. It was dismissed.
A true positive security alert refers to a legitimate attack that triggers an alarm... a legitimate alert was generated... and the only 'thing' (signature) that could cause this would be a true positive.
An analyst discovers that a LEGITIMATE security alert (true positive) has been dismissed... someone dismissed a legitimate alert... imo, A, B and C are incorrect. I'm going with D.
Negative means: there is no alert.
False negative means: the "no alert" is false > a legitimate security alert has been dismissed.
Therefore the correct answer is B.
To understand it, think of it like this:
- positive: an alert is triggered:
  1. true positive: true alert > there is a threat
  2. false positive: false alert > no actual threat
- negative: no alert is triggered:
  1. true negative: true "no alert" > there is no threat
  2. false negative: false "no alert" > there is a threat
The correct answer is B.
A false negative occurs when a security alert is missed or dismissed, allowing malicious traffic to go unnoticed. In this case, the analyst discovered that a legitimate security alert was dismissed, indicating that a threat was present but was not detected by the system. Therefore, the impact on network traffic was a false negative.
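The thread's disagreement comes down to which stage you score: the detector's own output (where a legitimate alert is a true positive) or the end-to-end outcome after triage (where a dismissed legitimate alert behaves like a false negative). The added example below, which is not from any poster, scores the same constructed event list both ways so the two views can be compared side by side.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    """One observed event: ground truth, detector output and analyst disposition."""
    name: str
    threat: bool            # ground truth: was a threat actually present?
    alerted: bool           # did the detector raise an alert?
    dismissed: bool = False  # did an analyst close the alert as benign?


def classify(threat: bool, alerted: bool) -> str:
    """Four-way outcome used in the thread:
    'positive' = an alert exists, 'true' = that alert state matches reality."""
    if alerted:
        return "TP" if threat else "FP"
    return "FN" if threat else "TN"


def detector_view(events) -> Counter:
    """Score the detector alone: what it raised, regardless of what happened later."""
    return Counter(classify(e.threat, e.alerted) for e in events)


def pipeline_view(events) -> Counter:
    """Score the whole pipeline: a dismissed alert never reaches a responder,
    so it is treated as 'no alert' at the outcome level."""
    return Counter(classify(e.threat, e.alerted and not e.dismissed) for e in events)


def dismissed_true_positives(events) -> list:
    """The thread's exact scenario: alerts that were correct at the detector
    (TP) but were dismissed, making them FN at the outcome level."""
    return [e.name for e in events if e.threat and e.alerted and e.dismissed]


# Constructed sample events (hypothetical names, not real telemetry).
SAMPLE = [
    Event("sqli-from-scanner", threat=True, alerted=True),
    Event("admin-backup-job", threat=False, alerted=True, dismissed=True),
    Event("c2-beacon-closed-as-noise", threat=True, alerted=True, dismissed=True),
    Event("normal-login", threat=False, alerted=False),
    Event("encoded-webshell", threat=True, alerted=False),
]

if __name__ == "__main__":
    print("detector:", dict(detector_view(SAMPLE)))
    print("pipeline:", dict(pipeline_view(SAMPLE)))
    print("dismissed TPs:", dismissed_true_positives(SAMPLE))
```

Counting the FP that was correctly dismissed as a TN, and the TP that was wrongly dismissed as an FN, is what makes the outcome-level view differ from the detector-level view; the rest of the matrix is unchanged.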