| Exam 200-201 | Question id=6082 | Security policies and procedures |
Which action should be taken if the system is overwhelmed with alerts when false positives and false negatives are compared?
| A. |
Modify the settings of the intrusion detection system. | |
| B. |
Design criteria for reviewing alerts. | |
| C. |
Redefine signature rules. | |
| D. |
Adjust the alerts schedule. |