An organization notices that a security tool repeatedly flags legitimate accounting emails as hazardous. A security engineer verifies the messages are valid communications. Which reason explains why these notifications keep appearing?
The scanning module is limited to local logs and does not review relevant headers.
The detection engine is missing stealth attacks and failing to capture real threats.
The system is labeling authorized content as hazardous due to excessive sensitivity settings.
Staff is neglecting recommended procedures and repeatedly sending suspicious messages.
This issue is a textbook example of false positives: legitimate content is incorrectly flagged because the detection thresholds are configured too sensitively. The scenario rules out user misconduct and system limitations, and the option about missing stealth threats describes false negatives, which do not apply here.