CS0-003 · Question #464
Question
A SOC analyst observes reconnaissance activity from an IP address. The activity follows a pattern of short bursts toward a low number of targets. An open-source review shows that the IP has a bad reputation. The perimeter firewall logs indicate the inbound traffic was allowed. The destination hosts are high-value assets with EDR agents installed. Which of the following is the best action for the SOC to take to protect against any further activity from the source IP?
Options
- A. Add the IP address to the EDR deny list.
- B. Create a SIEM signature to trigger on any activity from the source IP subnet detected by the web
- C. Implement a prevention policy for the IP on the WAF.
- D. Activate the scan signatures for the IP on the NGFWs.