Practice Test Question – SIEM Alert Parameters

Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies.

Alex is reviewing alerts generated by his organization’s SIEM and determines that the SIEM is generating too many false positive alerts. What parameter can he alter to reduce the number of false positives?

A. Reduce the SIEM sensitivity
B. Increase the SIEM sensitivity
C. Reduce the SIEM capacity
D. Increase the SIEM capacity

Correct Answer: A

To alter the false positive rate, Alex should adjust the SIEM sensitivity. Increasing the sensitivity of the SIEM lowers the threshold for an alert and increases the number of false positives. Decreasing the sensitivity of the SIEM raises the threshold for an alert and decreases the number of false positives. Adjusting the SIEM capacity changes the amount of information that it can process and store; it does not change the false positive rate.

Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test!
