An IS auditor finds the log management system is overwhelmed with false positive alerts.

CISA V2 0 Comments

An IS auditor finds the log management system is overwhelmed with false positive alerts.

The auditor’s BEST recommendation would be to:
A . establish criteria for reviewing alerts.
B . recruit more monitoring personnel.
C . reduce the firewall rules.
D . fine tune the intrusion detection system (IDS).

Answer: D

Explanation:

Fine tuning the intrusion detection system (IDS) is the best recommendation to reduce the number of false positive alerts that overwhelm the log management system, because it can help adjust the sensitivity and accuracy of the IDS rules and signatures to match the network environment and traffic patterns. Establishing criteria for reviewing alerts, recruiting more monitoring personnel, and reducing the firewall rules are not effective solutions to address the root cause of the false positive alerts, but rather ways to cope with the consequences.

References: CISA Review Manual (Digital Version), Chapter 5, Section 5.4.3

Latest CISA Dumps Valid Version with 2694 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download CISA PDF     CISA Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments