312-50V12 · Question #150
312-50V12 Question #150: Real Exam Question with Answer & Explanation
Sign in or unlock 312-50V12 to reveal the answer and full explanation for question #150. The question stem and answer options stay visible for context.
Question
Your company has been receiving regular alerts from its IDS about potential intrusions. On further investigation, you notice that these alerts have been false positives triggered by certain goodware files. In response, you are planning to enhance the IDS with YARA rules, reducing these false positives while improving the detection of real threats. Based on the scenario and the principles of YARA and IDS, which of the following strategies would best serve your purpose?
Options
- AWriting YARA rules specifically to identify the goodware files triggering false positives
- BImplementing YARA rules that focus solely on known malware signatures
- CCreating YARA rules to examine only the private database for intrusions
- DIncorporating YARA rules to detect patterns in all files regardless of their nature
Unlock 312-50V12 to see the answer
You've previewed enough free 312-50V12 questions. Unlock 312-50V12 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.