Certified Information Systems Auditor (CISA) — Question 30
Which of the following is the BEST indicator of the effectiveness of signature-based intrusion detection systems (IDSs)?
Answer options
- A. An increase in the number of internally reported critical incidents
- B. An increase in the number of unfamiliar sources of intruders
- C. An increase in the number of identified false positives
- D. An increase in the number of detected incidents not previously identified
Correct answer: D
Explanation
Option D is correct: an increase in the number of detected incidents not previously identified indicates that the IDS is effectively identifying new threats, which is a primary function of such systems. Options A and B focus on incidents and sources but do not directly measure detection capability. Option C refers to false positives, which are indicative of issues but are not a measure of the system's effectiveness in detecting new threats.