How can you detect a false negative on an IPS?

Posted by: Pdfprep Category: 210-260 Tags: , ,

How can you detect a false negative on an IPS?
A . View the alert on the IP
C . Review the IPS log.
D . Review the IPS console.
E . Use a third-party system to perform penetration testing.
F . Use a third-party to audit the next-generation firewall rules.

Answer: D

Explanation:

A false negative, however, is when there is malicious traffic on the network, and for whatever reason the IPS/ IDS did not trigger an alert, so there is no visual indicator (at least from the IPS/IDS system) that anything negative is going on. In the case of a false negative, you must use some third-party or external system to alert you to the problem at hand, such as syslog messages from a network device.

Source: Cisco Official Certification Guide, Positive/Negative Terminology, p.463

Leave a Reply

Your email address will not be published.