Certified Ethical Hacker (CEH v12) — Question 317

When analyzing the IDS logs, the system administrator noticed an alert was logged when the external router was accessed from the administrator’s Computer to update the router configuration.
What type of an alert is this?

Answer options

• A. False negative
• B. True negative
• C. True positive
• D. False positive

Correct answer: D

Explanation

This alert is classified as a False positive because it indicates an alert was triggered for legitimate activity, which should not have raised a security concern. A True positive would indicate a legitimate threat, while a False negative would mean a threat was missed, and a True negative would indicate no threat was present.