CompTIA Security Plus Mock Test Q210

Ann, a security technician, is reviewing the IDS log files. She notices a large number of alerts for multicast packets from the switches on the network. After investigation, she discovers that this is normal activity for her network. Which of the following BEST describes these results?

A. True negatives
B. True positives
C. False positives
D. False negatives

Correct Answer: C
Section: Compliance and Operational Security

False positives are essentially events that are mistakenly flagged and are not really events to be concerned about.

Incorrect Answers:
A: True negatives would be non-events.
B: True positives would be real alerts and alarms.
D: With a false negative, you are not alerted to a situation when you should be alerted; it is the opposite of a false positive.

Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 28