Which of the following is true if the IDS identifies activity as an attack and the activity is actually an attack?


A true positive occurs when an Intrusion Detection System (IDS) correctly identifies an attack that is actually taking place. This means that the system has effectively recognized a malicious activity and alerted the security team to the potential threat.

In cybersecurity, the concept of true positives is significant because it measures the effectiveness of an IDS in detecting real threats. When the IDS accurately detects an attack, it allows for a timely response, helping to mitigate potential damage.

The other potential outcomes are: a false negative, where an attack occurs but the IDS fails to identify it; a true negative, where the IDS correctly identifies that an activity is not an attack; and a false positive, where the IDS incorrectly identifies benign activity as an attack. Each of these scenarios highlights different aspects of the system's performance, but a true positive is desirable because it confirms the IDS's capability to detect actual threats.
