350-201(NEW-127Q) Question #18: Real Exam Question with Answer & Explanation
Threat Detection and Response
Question
In a corporate environment, a security analyst must refine an intrusion detection system rule that erroneously flags secure file transfer protocol (SFTP) traffic as suspicious during large data transfers. The rule currently monitors for any SFTP connections above a certain data volume. Which adjustment would enhance the rule's specificity without compromising security?
Options
- A. Require manual verification for all SFTP sessions that exceed the threshold.
- B. Apply stricter byte thresholds exclusively to external IP addresses.
- C. Implement a whitelist for known internal IP addresses during peak transfer times.
- D. Modify the rule to check the ratio of incoming to outgoing packets.
Topics
- Intrusion Detection Systems
- Alert Tuning
- False Positive Reduction
- Network Segmentation