GIAC Security Essentials Certification (GSEC) — Question 13

Why are false positives such a problem with IPS technology?

Answer options

• A. File integrity is not guaranteed.
• B. Malicious code can get into the network.
• C. Legitimate services are not delivered.
• D. Rules are often misinterpreted.

Correct answer: D

Explanation

The correct answer is D because false positives occur when the IPS misinterprets legitimate traffic as malicious, leading to unnecessary blocking of services. Options A, B, and C describe different issues related to security and network integrity but do not directly address the implications of false positives in the context of IPS.