How can you detect a false negative on an IPS?
A. View the alert on the IPS.
B. Review the IPS log.
C. Review the IPS console.
D. Use a third-party system to perform penetration testing.
E. Use a third-party to audit the next-generation firewall rules.
Correct Answer: D
Explanation/Reference:
You need a third-party system to perform penetration testing to identify a false negative on an IPS. Reference: http://airccse.org/journal/ijsptm/papers/4115ijsptm04.pdf
A false negative, however, is when there is malicious traffic on the network, and for whatever reason the IPS/IDS did not trigger an alert, so there is no visual indicator (at least from the IPS/IDS system) that anything negative is going on. In the case of a false negative, you must use some third-party or external system to alert you to the problem at hand, such as syslog messages from a network device