CompTIA CASP+ (CAS-004) — Question 260
A security engineer is working for a service provider and analyzing logs and reports from a new EDR solution, which is installed on a small group of workstations. Later that day, another security engineer receives an email from two developers reporting the software being used for development activities is now blocked. The developers have not made any changes to the software being used. Which of the following is the EDR reporting?
Answer options
- A. True positive
- B. False negative
- C. False positive
- D. True negative
Correct answer: C
Explanation
The correct answer is C, False positive, because the EDR flagged legitimate development software as malicious and blocked it, even though nothing about the software had changed. A true positive would mean an actual threat was correctly identified, a false negative would mean a real threat was missed, and a true negative would mean benign activity was correctly left alone.