nerdexam
CompTIA

SY0-301 · Question #583

A system security analyst using an enterprise monitoring tool notices an unknown internal host exfiltrating files to several foreign IP addresses. Which of the following would be an appropriate mitiga

The correct answer is B. Rogue machine detection. The critical word here is 'unknown internal host.' The device is on the internal network but is not recognized, indicating it is a rogue or unauthorized machine. Rogue machine detection (Option B) identifies and isolates unauthorized devices on the network, directly addressing th

Security operations

Question

A system security analyst using an enterprise monitoring tool notices an unknown internal host exfiltrating files to several foreign IP addresses. Which of the following would be an appropriate mitigation technique?

Options

  • ADisabling unnecessary accounts
  • BRogue machine detection
  • CEncrypting sensitive files
  • DImplementing antivirus

How the community answered

(55 responses)
  • A
    5% (3)
  • B
    76% (42)
  • C
    4% (2)
  • D
    15% (8)

Explanation

The critical word here is 'unknown internal host.' The device is on the internal network but is not recognized, indicating it is a rogue or unauthorized machine. Rogue machine detection (Option B) identifies and isolates unauthorized devices on the network, directly addressing the source of the threat. Option A (Disabling unnecessary accounts) targets user accounts, not rogue hardware. Option C (Encrypting sensitive files) protects data at rest but does not stop an active exfiltration from an already-compromised or rogue device. Option D (Implementing antivirus) helps with malware but does not identify unauthorized hardware. The first step is to identify and remove the unknown device from the network.

Topics

#data exfiltration#rogue machine detection#incident response#network monitoring

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice