CompTIA CASP+ (CAS-004) — Question 528

A security analyst is reviewing SIEM events and is uncertain how to handle a particular event. The file is reviewed with the security vendor who is aware that this type of file routinely triggers this alert. Based on this information, the security analyst acknowledges this alert. Which of the following event classifications is MOST likely the reason for this action?

Answer options

Correct answer: C

Explanation

The correct answer is C, False positive, because the alert was triggered by a file that is known to cause such alerts without indicating an actual threat. The other options are incorrect: True negative describes benign activity that correctly produced no alert, False negative refers to a missed threat, and Non-automated response describes how an alert is handled rather than classifying the nature of the alert itself.