CS0-003 · Question #523
Question
A WAF weekly report shows that a daily spike occurs from the same subnet. An open-source review indicates the IP addresses belong to a legitimate internet service provider but have been flagged for DDoS attacks and reconnaissance scanning in the past year. Which of the following actions should a SOC analyst take first in response to these traffic uptick activities?
Options
- A. Recommend a firewall rule implementation to deny all traffic from the IP subnet.
- B. Continue monitoring because the traffic spike did not cause any security notifications or concerns.
- C. Review the network logs to identify the context of traffic and what action was taken.
- D. Check the resource consumption levels to determine whether the uptick is due to a device