Which of the following should the security analyst recommend to identity this behavior without alerting any potential malicious actors?

CS0-002 V3 0 Comments

A threat feed notes malicious actors have been infiltrating companies and exfiltration data to a specific set of domains Management at an organization wants to know if it is a victim.

Which of the following should the security analyst recommend to identity this behavior without alerting any potential malicious actors?
A . Create an IPS rule to block these domains and trigger an alert within the SIEM tool when these domains are requested
B. Add the domains to a DNS sinkhole and create an alert m the SIEM toot when the domains are queried
C. Look up the IP addresses for these domains and search firewall logs for any traffic being sent to those IPs over port 443
D. Query DNS logs with a SIEM tool for any hosts requesting the malicious domains and create alerts based on this information

Answer: D

Latest CS0-002 Dumps Valid Version with 220 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download CS0-002 PDF     CS0-002 Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments