
SECOPS-PRO · Question #76

SECOPS-PRO Question #76: Real Exam Question with Answer & Explanation


Question

A Security Operations Center (SOC) analyst is reviewing alerts generated by a Palo Alto Networks Next-Generation Firewall (NGFW) configured with Threat Prevention. An alert is triggered for an alleged 'C2 beaconing' activity from an internal host to an external IP address. Upon investigation, the analyst discovers the external IP belongs to a legitimate cloud-based productivity suite, and the traffic is standard API communication. What is the most accurate classification of this alert, and what immediate action should be taken?

Options

  • A. False Negative; The firewall missed a true C2 connection. Reconfigure the firewall to be more
  • B. True Positive; This is a confirmed C2 connection. Isolate the host immediately and initiate incident
  • C. False Positive; The alert was generated for legitimate traffic. Suppress the alert and create an
  • D. True Negative; The firewall correctly identified benign traffic. No action is required.
  • E. False Positive; The alert was generated for legitimate traffic. Report to vendor and disable the C2
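Triage logic for the scenario in the stem, as an added example (not code from nerdexam or Palo Alto Networks). It maps the detector's verdict against what the analyst verified to the four outcomes the options name, excuses the alert only when both the destination address and the App-ID match a verified SaaS entry, and scopes the resulting exception to that signature, destination and application rather than disabling the C2 signature everywhere. The log lines, the signature name and ID, the App-ID string and the 203.0.113.0/24 range are all constructed for the example.

```python
"""Triage helper for a Threat Prevention 'C2 beaconing' alert.

Added example; this is not code from nerdexam or Palo Alto Networks. The threat
log lines, the signature name/ID, the App-ID string and the SaaS address range
are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed allow-list: destination ranges the analyst has verified belong to
# the productivity suite, and the App-ID its API traffic is expected to carry.
# Hypothetical values, not any vendor's real ranges or App-ID names.
VERIFIED_SAAS = {
    "productivity-suite-api": {
        "networks": [ipaddress.ip_network("203.0.113.0/24")],
        "apps": {"productivity-suite-api"},
    },
}


@dataclass(frozen=True)
class ThreatAlert:
    src_ip: str
    dst_ip: str
    app: str          # App-ID the firewall assigned to the session
    threat_name: str  # signature that fired (constructed name)
    threat_id: int    # constructed threat ID


def parse_alert(line: str) -> ThreatAlert:
    """Parse one constructed comma-separated threat log line."""
    src, dst, app, name, tid = (f.strip() for f in line.split(","))
    return ThreatAlert(src, dst, app, name, int(tid))


def outcome(alert_fired: bool, traffic_malicious: bool) -> str:
    """Detector verdict vs. ground truth: the four classifications in the options."""
    if alert_fired:
        return "True Positive" if traffic_malicious else "False Positive"
    return "False Negative" if traffic_malicious else "True Negative"


def match_verified_saas(alert: ThreatAlert) -> Optional[str]:
    """Return the SaaS name only when BOTH destination IP and App-ID match.

    Requiring both keeps an implant that tunnels through a SaaS address with an
    unexpected App-ID from being excused automatically.
    """
    dst = ipaddress.ip_address(alert.dst_ip)
    for name, spec in VERIFIED_SAAS.items():
        if alert.app in spec["apps"] and any(dst in net for net in spec["networks"]):
            return name
    return None


def triage(alert: ThreatAlert) -> dict:
    """Classify the alert; for a verified false positive, propose a narrow exception.

    The exception is scoped to this signature, destination and App-ID, so the
    C2 signature stays enabled for every other destination.
    """
    saas = match_verified_saas(alert)
    if saas is None:
        return {"classification": "Unverified",
                "next_step": "investigate host and destination before deciding"}
    return {
        "classification": outcome(alert_fired=True, traffic_malicious=False),
        "verified_destination": saas,
        "next_step": "suppress this alert and create a scoped exception",
        "exception": {
            "threat_id": alert.threat_id,
            "exempt_dst": alert.dst_ip,
            "app": alert.app,
        },
    }


# Constructed log lines: src, dst, app, threat name, threat id
LOG_LINES = [
    "10.1.2.3, 203.0.113.10, productivity-suite-api, Suspicious C2 Beacon, 90001",
    "10.1.2.3, 198.51.100.7, unknown-tcp, Suspicious C2 Beacon, 90001",
    "10.1.2.3, 203.0.113.10, unknown-tcp, Suspicious C2 Beacon, 90001",
]


def triage_all(lines=LOG_LINES):
    """Triage every constructed log line and return the results in order."""
    return [triage(parse_alert(line)) for line in lines]


if __name__ == "__main__":
    for line, result in zip(LOG_LINES, triage_all()):
        print(line, "->", result["classification"], "/", result["next_step"])
```

Only the first line is excused: it hits the verified range with the expected App-ID. The second goes to an address outside the allow-list, and the third reaches the SaaS range with an unexpected App-ID, so both stay open for investigation rather than being written off as false positives.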
