  • Post last modified:June 12, 2024

Which two of the following statements about IOAs are true? (Choose two.)

  • IOAs do not point to an attack that already happened; they point to an attack that might be taking place.
  • IOAs do not point to an attack that is taking place; they analyze attacks that have already occurred.
  • IOAs are a helpful resource for proactive threat mitigation but tend to generate more false positives than IOCs.
  • IOAs are inappropriate for threat mitigation and do not produce the number of false positives that IOCs generate.
  • One example of an IOA is an internal host running an application that uses well-known ports.
Explanation & Hint:

The two true statements about Indicators of Attack (IOAs) are:

  1. IOAs do not point to an attack that already happened; they point to an attack that might be taking place. Indicators of Attack focus on identifying the active behaviors and tactics that attackers are using or may use. They are intended to detect ongoing or imminent attacks by looking at patterns of activity that are typically associated with malicious behavior.
  2. IOAs are a helpful resource for proactive threat mitigation but tend to generate more false positives than IOCs. Because IOAs are based on behaviors that might indicate an attack, and some legitimate activities mimic the patterns that IOAs look for, they are more prone to false positives. Despite this tendency, they remain valuable for proactive threat detection and mitigation.

The statement that IOAs analyze attacks that have already occurred is incorrect; that would be more indicative of Indicators of Compromise (IOCs). The statement about IOAs being inappropriate for threat mitigation is also not accurate; they are indeed useful for this purpose. Lastly, an example of an IOA would typically be more specific and behavior-based, such as unusual patterns of network traffic or unexpected changes in system configurations, rather than something as common as an internal host using well-known ports.

For more Questions and Answers:

Threat Investigation Post-Assessment | CBROPS
