Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) — Question 205
What describes the impact of false-positive alerts compared to false-negative alerts?
Answer options
- A. A false negative is alerting for an XSS attack. An engineer investigates the alert and discovers that an XSS attack happened. A false positive is when an XSS attack happens and no alert is raised.
- B. A false positive is an event alerting for an SQL injection attack. An engineer investigates the alert and discovers that an attack attempt was blocked by IPS. A false negative is when the attack gets detected but succeeds and results in a breach.
- C. A false positive is an event alerting for a brute-force attack. An engineer investigates the alert and discovers that a legitimate user entered the wrong credential several times. A false negative is when a threat actor tries to brute-force attack a system and no alert is raised.
- D. A false negative is a legitimate attack triggering a brute-force alert. An engineer investigates the alert and finds out someone intended to break into the system. A false positive is when no alert is raised and no attack is occurring.
Correct answer: C
Explanation
Option C is correct because it accurately describes a false positive as an alert raised when no attack occurred (a legitimate user mistyping credentials several times triggered the brute-force alert), while a false negative occurs when an actual brute-force attack happens but no alert is raised. The other options misrepresent these definitions: a true positive (an alert for a real attack, as in A and D) is not a false negative, a blocked attack that was correctly alerted on (B) is not a false positive, and a detected attack that still succeeds (B) is not a false negative, since detection did occur.