Which of the following would BEST detect a malicious actor?

While reviewing an alert that shows a malicious request on one web application, a cybersecurity analyst is alerted to a subsequent token reuse moments later on a different service using the same single sign-on method.

Which of the following would BEST detect a malicious actor?
A. Utilizing SIEM correlation engines
B. Deploying Netflow at the network border
C. Disabling session tokens for all sites
D. Deploying a WAF for the web server

Answer: A

Explanation:

The initial compromise was a malicious request on a web server. Moments later, the token created with SSO was used on another service; the question does not specify what type of service. Deploying a WAF on the web server will detect the attacker, but only on that server. If the attacker issues the same malicious request to get another SSO token, correlating that event with the use of that SSO token on other services would allow the malicious activity to be detected.
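The correlation described above can be sketched as a small rule over normalized events. This is an added example, not part of the original question or of any SIEM product; the field names, the token identifiers, the service names and the five-minute window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events, already normalized as a SIEM would after parsing.
# Field layout and all values are assumptions made for this example.
FIELDS = ("ts", "source", "service", "token_id", "src_ip", "event")
EVENTS = [dict(zip(FIELDS, row)) for row in [
    ("2024-05-01T09:59:00", "sso-audit", "wiki", "tok-7f3a", "203.0.113.10", "token_use"),
    ("2024-05-01T10:00:05", "waf", "app1", "tok-7f3a", "203.0.113.10", "malicious_request"),
    ("2024-05-01T10:00:40", "sso-audit", "hr-portal", "tok-7f3a", "198.51.100.77", "token_use"),
    ("2024-05-01T10:01:00", "sso-audit", "app1", "tok-7f3a", "203.0.113.10", "token_use"),
    ("2024-05-01T10:02:00", "sso-audit", "hr-portal", "tok-b21c", "192.0.2.5", "token_use"),
    ("2024-05-01T10:30:00", "sso-audit", "mail", "tok-7f3a", "198.51.100.77", "token_use"),
]]

def correlate(events, window=timedelta(minutes=5)):
    """Pair each malicious-request alert with later uses of the same SSO
    token on a *different* service inside the time window."""
    parsed = sorted(
        ({**e, "ts": datetime.fromisoformat(e["ts"])} for e in events),
        key=lambda e: e["ts"],
    )
    alerts = [e for e in parsed if e["event"] == "malicious_request"]
    uses = [e for e in parsed if e["event"] == "token_use"]
    findings = []
    for a in alerts:
        for u in uses:
            delay = u["ts"] - a["ts"]
            if (u["token_id"] == a["token_id"]
                    and u["service"] != a["service"]      # cross-service reuse only
                    and timedelta(0) <= delay <= window):  # after the alert, in window
                findings.append({
                    "token_id": a["token_id"],
                    "alert_service": a["service"],
                    "reuse_service": u["service"],
                    "delay_seconds": int(delay.total_seconds()),
                    # A changed source address makes token theft more likely.
                    "ip_changed": u["src_ip"] != a["src_ip"],
                })
    return findings

if __name__ == "__main__":
    for f in correlate(EVENTS):
        print(f)
```

Neither log source flags the activity on its own: the WAF sees only the request to its own application, and the SSO audit log sees only an ordinary token use. The finding exists only once both are joined on the token and the time window.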
