A threat feed notes malicious actors have been infiltrating companies and exfiltrating data to a specific set of domains. Management at an organization wants to know if it is a victim. Which of the following should the security analyst recommend to identify this behavior without alerting any potential malicious actors?
A) Create an IPS rule to block these domains and trigger an alert within the SIEM tool when these domains are requested.
B) Add the domains to a DNS sinkhole and create an alert in the SIEM tool when the domains are queried
C) Look up the IP addresses for these domains and search firewall logs for any traffic being sent to those IPs over port 443
D) Query DNS logs with a SIEM tool for any hosts requesting the malicious domains and create alerts based on this information
Correct Answer:
Verified
Q63: A developer wrote a script to make
Q64: A security analyst discovered a specific series
Q65: As part of a review of incident
Q66: A cybersecurity analyst needs to rearchitect the
Q67: A security analyst is investigating a compromised
Q69: An analyst performs a routine scan of
Q70: Which of the following attacks can be
Q71: A security analyst recently discovered two unauthorized
Q72: Which of the following is the MOST
Q73: A security manager has asked an analyst
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents