Appendix D. Memory Tables Answer Key
Security controls are classified in one of the following terms:
• True positive: A situation in which a signature fires correctly when intrusive traffic for that signature is detected on the network. The signature correctly identifies an attack against the network. This represents normal and optimal operation.
• False positive: A situation in which normal user activity triggers an alarm or response. This is a consequence of nonmalicious activity. This represents an error and generally is caused by excessively tight proactive controls or excessively relaxed reactive controls.
• True negative: A situation in which a signature does not fire during normal user traffic on the network. The security control ...