Prev Question
Next Question

When reviewing an intrusion detection system (IDS), an IS auditor should be MOST concerned
about which of the following?

Number of nonthreatening events identified as threatening

Attacks not being identified by the system

Reports/logs being produced by an automated tool

Legitimate traffic being blocked by the system

Attacks not being identified by the system present a higher risk, because they are unknown and no
action will be taken to address the attack. Although the number of false-positives is a serious issue,
the problem will be known and can be corrected. Often, IDS reports are first analyzed by an
automated tool to eliminate known false-positives, which generally are not a problem. An IDS does
not block any traffic.

Prev Question
Next Question

Leave a Reply

Your email address will not be published. Required fields are marked *