Free CompTIA Security+ SY0-701 Practice Question

The security team at a large corporation is inundated with alerts from their Security Information and Event Management system, with a substantial number being false positives. What is the most effective approach to reduce the number of false positive alerts without significantly compromising the ability to detect actual threats?

  • Turn off alerts for events considered low risk to reduce the number of incoming notifications.

  • Refine correlation rules to enforce more specific conditions for triggering alerts.

  • Raise the alert threshold so only the highest severity incidents are reported.

  • Disable alerts that are commonly producing false positives.

This question's topic: CompTIA Security+ SY0-701 / Security Operations