Darius is analysing logs from IDS. He want to understand what have triggered one alert and verify if it’s true positive or false positive.
Looking at the logs he copy and paste basic details like below:
source IP: 192.168.21.100
source port: 80
destination IP: 192.168.10.23
destination port: 63221
What is the most proper answer?
A . This is most probably true negative.
B . This is most probably true positive which triggered on secure communication between client and server.
C . This is most probably false-positive, because an alert triggered on reversed traffic.
D . This is most probably false-positive because IDS is monitoring one direction traffic.
Answer: A