CISA Certified Information Systems Auditor – Question1538
The most common problem in the operation of an intrusion detection system (IDS) is: A. the detection of false positives. B. receiving trap messages. C. reject-error rates. D. denial-of-service attacks.
Correct Answer: A
Explanation:
Explanation:
Because of the configuration and the way IDS technology operates, the main problem in operating IDSs is the recognition (detection) of events that are not really security incidents- false positives, the equivalent of a false alarm. An IS auditor needs to be aware of this and should check for implementation of related controls, such as IDS tuning, and incident handling procedures, such as the screening process to know if an event is a security incident or a false positive. Trap messages are generated by the Simple
Network Management Protocol (SNMP) agents when an important event happens, but are not particularly related to security or IDSs.
Reject-error rate is related to biometric technology and is not related to IDSs. Denial-of-service is a type of attack and is not a problem in the operation of IDSs.
Please disable your adblocker or whitelist this site!