CAS-005 Question #24: Real Exam Question with Answer & Explanation
The correct answer is B: Configure the scan policy to avoid targeting an out-of-scope host. Since the attack originated from an internal vulnerability scanner that wasn't supposed to scan the cloud servers, the first action should be to correct the scan policy to ensure it excludes out-of-scope targets. This prevents unintended disruption or alerts in the future.
Question
A security analyst received a notification from a cloud service provider regarding an attack detected on a web server. The cloud service provider shared the following information about the attack:

- The attack came from inside the network.
- The attacking source IP was from the internal vulnerability scanners.
- The scanner is not configured to target the cloud servers.

Which of the following actions should the security analyst take first?
Options
- A. Create an allow list for the vulnerability scanner IPs in order to avoid false positives
- B. Configure the scan policy to avoid targeting an out-of-scope host
- C. Set network behavior analysis rules
- D. Quarantine the scanner sensor to perform a forensic analysis
Explanation
Since the attack originated from an internal vulnerability scanner that wasn't supposed to scan the cloud servers, the first action should be to correct the scan policy to ensure it excludes out-of-scope targets. This prevents unintended disruption or alerts in the future.