Effective CISSP Questions

Which of the following intrusion detection system outcomes will trigger actions for the incident response team to contain the situation? (Wentz QOTD)
A. False Positive
B. True Positive
C. False Negative
D. True Negative

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is B. True Positive.

Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.

Incident Response Process

Positive and Negative describe the judgment or prediction made by an intrusion detection system (IDS). A positive prediction means the IDS has detected an intrusion, while a negative prediction means it has detected none.

When a positive case is detected by an IDS, an alert is triggered for further analysis and validation. The alert can be validated as either true (real intrusion) or false (no intrusion).

A false positive triggers an alert that is then validated as false. The incident response team will not take any action to contain the situation, since there is no intrusion.

A false negative means the IDS doesn't trigger an alert even though an intrusion actually happened. A true negative means the IDS doesn't trigger an alert and there is no intrusion.
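The four outcomes above, worked through as an added example that is not part of the original post: each constructed event pairs the IDS verdict with what actually happened, and only validated true positives land in the containment queue. The event IDs and field layout are assumptions, and the precision and recall figures go one step beyond the text.

```python
from collections import Counter

# Constructed sample: (event id, IDS raised an alert?, intrusion actually occurred?)
EVENTS = [
    ("evt-1", True,  True),
    ("evt-2", True,  False),
    ("evt-3", False, True),
    ("evt-4", False, False),
    ("evt-5", True,  True),
    ("evt-6", False, False),
]

def classify(alerted, intrusion):
    """Positive/Negative is the IDS verdict; True/False is whether that verdict was right."""
    verdict = "Positive" if alerted else "Negative"
    correct = "True" if alerted == intrusion else "False"
    return f"{correct} {verdict}"

def triage(events):
    """Return outcome counts, the containment queue, and intrusions that raised no alert."""
    counts, contain, missed = Counter(), [], []
    for event_id, alerted, intrusion in events:
        outcome = classify(alerted, intrusion)
        counts[outcome] += 1
        if outcome == "True Positive":
            contain.append(event_id)   # alert validated as a real intrusion
        elif outcome == "False Negative":
            missed.append(event_id)    # real intrusion, but nothing reached the team
    return counts, contain, missed

def rates(counts):
    """Precision: share of alerts that were real. Recall: share of intrusions alerted on."""
    tp = counts["True Positive"]
    fp = counts["False Positive"]
    fn = counts["False Negative"]
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    return precision, recall

if __name__ == "__main__":
    counts, contain, missed = triage(EVENTS)
    print(dict(counts), contain, missed, rates(counts))
```

The `missed` list is only knowable after the fact, which is why a false negative triggers no response at the time it occurs.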

PACS and IDS Decisions
Classification of IDS
Top IDS Software

