  • Post last modified:June 12, 2024

What are two common alert dispositions? (Choose two.)

  • true positive
  • false positive
  • malware
  • clean
  • undetected
Explanation & Hint:

Two common alert dispositions in the context of security operations are:

  1. True Positive: This disposition indicates that the alert was legitimate and accurately identified a real security threat or issue. It means that the alert correctly flagged malicious or suspicious activity.
  2. False Positive: This is when an alert turns out to be incorrect or misleading. It indicates that the alert flagged activity as malicious or suspicious, but upon investigation, it was determined that the activity was benign or normal.

The other options listed, such as “malware,” “clean,” and “undetected,” are not alert dispositions. Instead, they describe the nature of the files or traffic (e.g., malware vs. clean), or the status of detection (e.g., undetected), rather than the outcome of an alert investigation.

For more Questions and Answers:

Threat Investigation Post-Assessment | CBROPS
