Exam 312-50v12 topic 1 question 98 discussion

from the reponse of hasib125 - V10 Q213 - D. False positive True Positive - IDS referring a behavior as an attack, in real life it is True Negative - IDS referring a behavior not an attack and in real life it is not False Positive - IDS referring a behavior as an attack, in real life it is not False Negative - IDS referring a behavior not an attack, but in real life is an attack

D. False Positive Not an attack/intrusion

D. False positive

This is a poorly worded question. The best answer is a Benign Positive, since the alert is doing a true detection, but the activity isn't malicious. Unfortunately EC-Council does not list "Benign Positive" as one of the answers on the pick list. According to NIST SP 800-86 pages 6-13 and C-1, a benign positive is a type of false positive. See also https://csrc.nist.gov/glossary/term/false_positive. So the best answer of the ones listed is D. False positive.

False Positive (No attack - Alert). The IDS is doing its job correctly but there is no attack in this case because it was the administrator's legitimate action that triggered the alert.

False Positive (No attack - Alert). The ISD is doing its job correctly but there is no attack in this case because it was the administrator's legitimate action that triggered the alert.

D. False positive

C. True positive the IDS correctly identified the access to the external router event

the C option is Correct :True Positive https://developers.google.com/machine-learning/crash-course/classification/true-false-positive-negative#:~:text=Similarly%2C%20a%20true%20negative%20is,incorrectly%20predicts%20the%20negative%20class.

D. False positive

This is a true positive alert, as the IDS correctly identified an actual security event that occurred. The event was the administrator accessing the external router to update the configuration, which triggered the IDS alert.