Cisco Exam 300-215 Topic 5 Question 72 Discussion

Actual exam question for Cisco's 300-215 exam
Question #: 72
Topic #: 5

Refer to the exhibit.

A company that uses only the Unix platform implemented an intrusion detection system. After the initial configuration, the number of alerts is overwhelming, and an engineer needs to analyze and classify the alerts. The highest number of alerts were generated from the signature shown in the exhibit. Which classification should the engineer assign to this event?

Suggested Answer: C

Comments

Alita
1 day ago
Hmm, let's think this through. Based on the information provided, it seems like the high number of alerts is a problem, so the engineer needs to classify them correctly. I'm leaning towards D) True Positive alert, since that seems to be the right classification for a legitimate security event that the system is detecting.
upvoted 0 times
...
Caitlin
3 days ago
Wow, this question is really tricky! I'm not sure I understand the difference between all these 'false' and 'true' alert classifications. Can someone help me out here?
upvoted 0 times
...