An analyst notices that there are a number of invalid Offenses being created from a network node. This node has been determined to be in Domain 2 and has the following log sources sending it events: (3Com 8800 Series Switch from 172.18.1.1, Cisco ACE Firewall from 172.18.1.2, FireEye from 172.18.1.3, and Palo Alto PA Series from 172.18.1.8).

The analyst should create a False Positive Building Block that has a filter:
A . "when the destination IP is in 172.18.0.0/16"
B . "when the local network is Domain 2 and when the source IP is in 172.18.0.0/16"
C . "when the remote IP is one of the following: 172.18.1.1, 172.18.1.2, 172.18.1.3, 172.18.1.8"
D . "when the local network is Domain 2 and when the source IP is in 172.18.0.0/16"

Answer: D
