Which of the following should the security analyst recommend to identity this behavior without alerting any potential malicious actors?

A threat feed notes malicious actors have been infiltrating companies and exfiltration data to a specific set of domains Management at an organization wants to know if it is a victim.

Which of the following should the security analyst recommend to identity this behavior without alerting any potential malicious actors?
A . Create an IPS rule to block these domains and trigger an alert within the SIEM tool when these domains are requested
B . Add the domains to a DNS sinkhole and create an alert m the SIEM toot when the domains are queried
C . Look up the IP addresses for these domains and search firewall logs for any traffic being sent to those IPs over port 443
D . Query DNS logs with a SIEM tool for any hosts requesting the malicious domains and create alerts based on this information

Answer: D

Latest CS0-002 Dumps Valid Version with 220 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments