Enhance your CompTIA CASP+ exam readiness with our comprehensive quizzes. Sharpen your skills with detailed flashcards and multiple choice questions, each with hints and in-depth explanations. Prepare effectively for this challenging exam!


What is the most likely reason why an attacker successfully compromised a network despite IDS logging an attack attempt?

  1. Inadequate breach detection strategies

  2. No one was reviewing the IDS event logs

  3. Outdated intrusion detection signatures

  4. Poor user training on security awareness

The correct answer is: No one was reviewing the IDS event logs

The selected answer highlights a critical vulnerability in network security practices. If no one is reviewing the IDS (Intrusion Detection System) event logs, the alerts the system generates go unnoticed. An IDS is designed to monitor and analyze network traffic for suspicious activity and possible intrusions. However, the mere presence of an IDS does not guarantee protection; timely review of the logs and response to them are essential for effective incident response.

An unmonitored IDS can lead to several consequences, such as the inability to detect ongoing attacks in real time or the neglect of alerts that could indicate a compromised system. This oversight allows attackers to exploit vulnerabilities without detection, making it easier for them to gain unauthorized access to sensitive areas of the network.

While the other options present valid concerns, they do not directly address the immediate issue of the IDS's alerts being ignored. Inadequate breach detection strategies could point to a broader systemic issue, outdated intrusion detection signatures might not recognize new threats, and poor user training could lead to other vulnerabilities, but none of these conditions is directly responsible for the logs not being reviewed. Therefore, the lack of human oversight in reviewing the IDS logs is the most direct explanation for why an attacker successfully compromised the network despite an IDS being in place.