O'Reilly logo
  • Zephyr Hsu thinks this is interesting:

If the threshold is set too low, nonintrusive activities are considered attacks (false positives). If the threshold is set too high, malicious activities are not identified (false negatives).

From

Cover of CISSP All-in-One Exam Guide, Seventh Edition, 7th Edition

Note

Answer should be “A”? From Chapter 5 content: “If the threshold is set too low, nonintrusive activities are considered attacks (false positives). If the threshold is set too high, some malicious activities won't be identified (false negatives).”