Exam4Training

What is the most proper answer?

Darius is analysing logs from an IDS. He wants to understand what triggered one alert and verify whether it is a true positive or a false positive.

Looking at the logs, he copies and pastes the basic details below:

source IP: 192.168.21.100

source port: 80

destination IP: 192.168.10.23

destination port: 63221

What is the most proper answer?
A. This is most probably a true negative.
B. This is most probably a true positive which triggered on secure communication between client and server.
C. This is most probably a false positive, because an alert triggered on reversed traffic.
D. This is most probably a false positive, because the IDS is monitoring one-direction traffic.

Answer: A
