SY0-301 · Question #583
A system security analyst using an enterprise monitoring tool notices an unknown internal host exfiltrating files to several foreign IP addresses. Which of the following would be an appropriate mitiga
The correct answer is B. Rogue machine detection. The critical word here is 'unknown internal host.' The device is on the internal network but is not recognized, indicating it is a rogue or unauthorized machine. Rogue machine detection (Option B) identifies and isolates unauthorized devices on the network, directly addressing th
Question
A system security analyst using an enterprise monitoring tool notices an unknown internal host exfiltrating files to several foreign IP addresses. Which of the following would be an appropriate mitigation technique?
Options
- ADisabling unnecessary accounts
- BRogue machine detection
- CEncrypting sensitive files
- DImplementing antivirus
How the community answered
(55 responses)- A5% (3)
- B76% (42)
- C4% (2)
- D15% (8)
Explanation
The critical word here is 'unknown internal host.' The device is on the internal network but is not recognized, indicating it is a rogue or unauthorized machine. Rogue machine detection (Option B) identifies and isolates unauthorized devices on the network, directly addressing the source of the threat. Option A (Disabling unnecessary accounts) targets user accounts, not rogue hardware. Option C (Encrypting sensitive files) protects data at rest but does not stop an active exfiltration from an already-compromised or rogue device. Option D (Implementing antivirus) helps with malware but does not identify unauthorized hardware. The first step is to identify and remove the unknown device from the network.
Topics
Community Discussion
No community discussion yet for this question.