Free Palo Alto Networks Cybersecurity-Apprentice Actual Exam Questions - Question 4 Discussion

Question No. 4
Which two of the following best describe the characteristics of false positive alerts in a security operations context? (Choose two)
Ali N.
2026-02-18

Maybe A and B again, but thinking more about it, false positives basically mean harmless stuff is mistaken for a threat. C is about real threats, so it’s out. D says no action needed, but that’s more a response than a characteristic of the alert itself. E talks about malicious activity ignored, which sounds like a false negative, not positive. So A and B still feel right since they both describe legitimate or benign actions wrongly flagged as threats.

0
Ali N.
2026-01-29

A/B? Both clearly point to normal activities wrongly flagged. D and E don’t fit false positives since they involve ignoring alerts or malicious activity actually happening.

0
Ali N.
2026-01-27

A/B fits best since false positives mean normal stuff flagged as threats.

0
Tom F.
2026-01-24

B imo because a false positive is basically a benign event flagged as a threat, which fits B perfectly. A also sounds right since legitimate user actions being flagged is basically the same thing described differently. C is about real threats, so no. D is more about response, not what a false positive alert actually is. E talks about ignored malicious activity, which is more like a false negative than a false positive. So A and B capture the concept best from different angles.

0
Karan Y.
2026-01-17

Option A and B make sense because false positives involve harmless actions flagged wrongly. C and E imply actual threats, so they don’t fit false positives. D isn’t really an alert characteristic.

0
Jason M.
2026-01-15

A and B imo, those fit false positives best.

0