PrepAway - Latest Free Exam Questions & Answers

When reviewing an intrusion detection system (IDS), an IS auditor should be MOST concerned
about which of the following?

A. Number of nonthreatening events identified as threatening

B. Attacks not being identified by the system

C. Reports/logs being produced by an automated tool

D. Legitimate traffic being blocked by the system

Explanation:

Attacks not being identified by the system present a higher risk, because they are unknown and no
action will be taken to address them. Although the number of false positives is a serious
issue, the problem will be known and can be corrected. Often, IDS reports are first analyzed by an
automated tool to eliminate known false positives, which generally are not a problem. An IDS does
not block any traffic.
