Multiple Choice
A threat feed notes malicious actors have been infiltrating companies and exfiltrating data to a specific set of domains. Management at an organization wants to know if it is a victim. Which of the following should the security analyst recommend to identify this behavior without alerting any potential malicious actors?
A) Create an IPS rule to block these domains and trigger an alert within the SIEM tool when these domains are requested.
B) Add the domains to a DNS sinkhole and create an alert in the SIEM tool when the domains are queried
C) Look up the IP addresses for these domains and search firewall logs for any traffic being sent to those IPs over port 443
D) Query DNS logs with a SIEM tool for any hosts requesting the malicious domains and create alerts based on this information
Correct Answer:
Verified
Correct Answer:
Verified
Q63: A Chief Information Security Officer (CISO) is
Q64: A security team wants to make SaaS
Q65: A small electronics company decides to use
Q66: A security analyst wants to identify which
Q67: A security analyst is investigating a system
Q69: A finance department employee has received a
Q70: A Chief Information Security Officer (CISO) is
Q71: A network attack that is exploiting a
Q72: A cybersecurity analyst is supporting an incident
Q73: A security analyst is conducting a post-incident