PrepAway - Latest Free Exam Questions & Answers

The most common problem in the operation of an intrusion detection system (IDS) is:

A. the detection of false positives.

B. receiving trap messages.

C. reject-error rates.

D. denial-of-service attacks.

Explanation:
Because of the configuration and the way IDS technology operates, the main problem in operating IDSs is the
recognition (detection) of events that are not really security incidents, that is, false positives, the equivalent of a false
alarm. An IS auditor needs to be aware of this and should check for implementation of related controls, such as
IDS tuning, and incident handling procedures, such as the screening process to determine whether an event is a security
incident or a false positive. Trap messages are generated by Simple Network Management Protocol
(SNMP) agents when an important event happens, but are not particularly related to security or IDSs. Reject-error
rate is related to biometric technology and is not related to IDSs. Denial-of-service is a type of attack and
is not a problem in the operation of IDSs.

