CompTIA CySA+ Cybersecurity Analyst Certification Exam

Question 500 of 1040


A SOC analyst observes reconnaissance activity from an IP address. The activity follows a pattern of short bursts toward a low number of targets. An open-source review shows that the IP has a bad reputation. The perimeter firewall logs indicate the inbound traffic was allowed. The destination hosts are high-value assets with EDR agents installed. Which of the following is the best action for the SOC to take to protect against any further activity from the source IP?

Options

  • A Add the IP address to the EDR deny list.
  • B Create a SIEM signature to trigger on any activity from the source IP subnet detected by the web proxy or firewalls for immediate notification.
  • C Implement a prevention policy for the IP on the WAF.
  • D Activate the scan signatures for the IP on the NGFWs.

Discussions

No discussions have been posted for this question yet.