Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) — Question 318
Which action should be taken if the system is overwhelmed with alerts when false positives and false negatives are compared?
Answer options
- A. Modify the settings of the intrusion detection system.
- B. Design criteria for reviewing alerts.
- C. Redefine signature rules.
- D. Adjust the alerts schedule.
Correct answer: A
Explanation
The correct answer is A, modify the settings of the intrusion detection system, because this directly addresses the problem of being overwhelmed with alerts. The other options may be useful, but they do not specifically target the need to reduce the alert volume caused by misclassifications.