An IDS alert shows a random user has administrative privileges, some files are missing, and other files appear. Which alert type is this?


Multiple Choice


Explanation:
Interpreting IDS outcomes: when the alert matches real compromise, it’s a true positive. In this scenario, a random user suddenly has administrative privileges and files are missing or appearing, which are classic signs of a real intrusion and privilege escalation. The IDS correctly flags this activity, so the alert is a true positive. A false positive would be the system alerting on benign activity as malicious, a false negative would miss an actual intrusion, and an audit alert isn’t the typical label for a live security breach.

