GSEC Question #306: Real Exam Question with Answer & Explanation
Question
A security analyst has entered the following rule to detect malicious web traffic: alert tcp any -> 192.168.1.0/24 80 (msg:"Attempted SQL Injection!"; sid:20000001;) How can this rule be changed to reduce false positives?
Options
- A. Change the rule to make it apply bi-directional to source and destination
- B. Add more detail in the rule to make it more specific to the attack pattern
- C. Add an additional rule to apply to destination port 443 as well as 80
- D. Make the IP range more general so that it applies to all webservers