Splunk Observability Cloud Certified Metrics User — Question 56
An IDS signature is designed to detect and alert on logins to a certain server, but only if they occur from 6:00 PM - 6:00 AM. If no IDS alerts occur in this window, but the signature is known to be correct, this would be an example of what?
Answer options
- A. A True Negative.
- B. A True Positive.
- C. A False Negative.
- D. A False Positive.
Correct answer: A
Explanation
This scenario is a True Negative: the IDS signature raised no alerts during the specified window, when no logins were made, which confirms that the system is functioning as expected. A True Positive would be an alert for a legitimate threat, a False Negative would mean an alert should have occurred but didn't, and a False Positive would be an alert for activity that wasn't actually a threat.