Certified Incident Handler (ECIH) — Question 20

Richards, a security specialist at an organization, was monitoring an IDS system. While monitoring, he suddenly received an alert of an ongoing intrusion attempt on the organization's network. He immediately averted the malicious actions by implementing the necessary measures.
Identify the type of alert generated by the IDS system in the above scenario.

Answer options

Correct answer: A

Explanation

The alert generated by the IDS is a true positive: it correctly identified a real intrusion attempt, allowing Richards to take immediate action. A true negative would mean no threat was present and the IDS correctly raised no alert, while a false negative would mean the IDS failed to detect an actual intrusion. A false positive would mean the IDS incorrectly flagged benign activity as malicious.