Certified SOC Analyst (CSA) — Question 31

David is a SOC analyst at Karen Tech. One day, an attack was initiated by intruders, but David was not able to find any suspicious events.
This type of incident is categorized as __________.

Answer options

Correct answer: C

Explanation

The correct answer, C. True Negative Incidents, refers to scenarios where no threat is present, and the analyst correctly identifies that by not seeing suspicious events. The other options are incorrect because a True Positive would indicate a detected threat, a False Positive suggests a non-existent threat was flagged, and a False Negative means a threat was present but not detected.