350-201(NEW-127Q) Question #65: Real Exam Question with Answer & Explanation
Threat Detection and Analysis
Question
A security operations team is experiencing frequent false positives from detection rules designed to flag suspicious outbound network traffic in their SIEM system. The rules are based on traffic volume, specific IP address ranges, and known malicious domains. Legitimate business applications with high traffic and dynamic IPs are often triggering alerts. Which set of troubleshooting approaches should the team take to improve the accuracy of the detection rules?
Options
- A. Increase traffic thresholds, remove IP-based rules, and rely on domain matching only.
- B. Turn off alerts temporarily and only monitor manually for high-risk domains.
- C. Baseline normal traffic patterns, refine rule thresholds, and automate IP allow list synchronization.
- D. Disable current rules and create entirely new ones based on traffic volume.
Topics
SIEM, Detection Rules, False Positives, Baselining