
300-215 Question #140: Real Exam Question with Answer & Explanation

The correct answer is B: Engage advanced decryption and anomaly analysis for the flagged traffic.

Submitted by wei.xz · Mar 6, 2026 · Incident Response Techniques

Question

During an overnight shift, a cybersecurity team at a global trading firm detects irregular activity. The network intrusion system flags an encrypted traffic spike from high-value transaction servers to an anonymous Tor exit node. Simultaneously, internal surveillance tools report unusual database queries and access patterns resembling exfiltration techniques. Which focused action should the team take first to analyze and address these potential security threats?

Options

  • A. Implement dynamic firewall rules to block suspicious outbound connections.
  • B. Engage advanced decryption and anomaly analysis for the flagged traffic.
  • C. Cross-reference database access logs with user activity profiles.
  • D. Initiate immediate containment protocols for transaction servers.

Explanation

Because the primary indicator is an encrypted traffic spike to a Tor exit node from high-value servers, the first focused action should be to analyze that network stream for malicious characteristics. Applying advanced traffic inspection (where possible), metadata analysis, TLS/session fingerprinting, and anomaly analytics helps determine whether this is true exfiltration, what process/endpoints are involved, and what scope/urgency is required before taking potentially disruptive containment or blocking actions.

Topics

#Incident detection · #Traffic analysis · #Data exfiltration · #Tor
