PdfPrep.com

Which of the following should the security analyst recommend to identity this behavior without alerting any potential malicious actors?

A threat feed notes malicious actors have been infiltrating companies and exfiltration data to a specific set of domains Management at an organization wants to know if it is a victim.

Which of the following should the security analyst recommend to identity this behavior without alerting any potential malicious actors?
A . Create an IPS rule to block these domains and trigger an alert within the SIEM tool when these domains are requested
B . Add the domains to a DNS sinkhole and create an alert m the SIEM toot when the domains are queried
C . Look up the IP addresses for these domains and search firewall logs for any traffic being sent to those IPs over port 443
D . Query DNS logs with a SIEM tool for any hosts requesting the malicious domains and create alerts based on this information

Answer: D

Exit mobile version