ExamGecko
Search Search Login
Home Home / Cisco / 200-201
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

An organization that develops high-end technology is going through an internal audit The organization uses two databases The main database stores patent information and a secondary database stores employee names and contact information A compliance team is asked to analyze the infrastructure and identify protected data Which two types of protected data should be identified? (Choose two)
Which security principle is violated by running all processes as root or administrator?
DRAG DROP Drag and drop the technology on the left onto the data type the technology provides on the right.
An intruder attempted malicious activity and exchanged emails with a user and received corporate information, including email distribution lists. The intruder asked the user to engage with a link in an email. When the fink launched, it infected machines and the intruder was able to access the corporate network. Which testing method did the intruder use?
A SOC analyst detected connections to known C&C and port scanning activity to main HR database servers from one of the HR endpoints via Cisco StealthWatch. What are the two next steps of the SOC team according to the NISTSP800-61 incident handling process? (Choose two)
Which statement describes indicators of attack?
What is a difference between SIEM and SOAR?
What describes the impact of false-positive alerts compared to false-negative alerts?
Refer to the exhibit. What is the potential threat identified in this Stealthwatch dashboard?
What is the difference between statistical detection and rule-based detection models?

Question 229 - 200-201 discussion

Report
Export

What describes the impact of false-positive alerts compared to false-negative alerts?

A.

A false negative is alerting for an XSS attack. An engineer investigates the alert and discovers that an XSS attack happened A false positive is when an XSS attack happens and no alert is raised

Answers
A.

A false negative is alerting for an XSS attack. An engineer investigates the alert and discovers that an XSS attack happened A false positive is when an XSS attack happens and no alert is raised

B.

A false negative is a legitimate attack triggering a brute-force alert. An engineer investigates the alert and finds out someone intended to break into the system A false positive is when no alert and no attack is occurring

Answers
B.

A false negative is a legitimate attack triggering a brute-force alert. An engineer investigates the alert and finds out someone intended to break into the system A false positive is when no alert and no attack is occurring

C.

A false positive is an event alerting for a brute-force attack An engineer investigates the alert and discovers that a legitimate user entered the wrong credential several times A false negative is when a threat actor tries to brute-force attack a system and no alert is raised.

Answers
C.

A false positive is an event alerting for a brute-force attack An engineer investigates the alert and discovers that a legitimate user entered the wrong credential several times A false negative is when a threat actor tries to brute-force attack a system and no alert is raised.

D.

A false positive is an event alerting for an SQL injection attack An engineer investigates the alert and discovers that an attack attempt was blocked by IPS A false negative is when the attack gets detected but succeeds and results in a breach.

Answers
D.

A false positive is an event alerting for an SQL injection attack An engineer investigates the alert and discovers that an attack attempt was blocked by IPS A false negative is when the attack gets detected but succeeds and results in a breach.

Suggested answer: C

Explanation:

False positives and false negatives are terms used to describe the accuracy of security alerts. A false positive occurs when a security system incorrectly identifies benign activity as malicious, leading to unnecessary investigation and potential disruption of legitimate activities. Conversely, a false negative happens when a security system fails to detect actual malicious activity, allowing the attackers to proceed undetected. The impact of false positives is generally wasted time and resources investigating non-issues, while the impact of false negatives can be much more severe, potentially leading to undetected breaches and significant damage.

Show Answer
asked 07/10/2024
Adrian Kustosz
36 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms