A threat feed notes malicious actors have been infiltrating companies and exfiltrating data to a specific set of domains. Management at an organization wants to know if it is a victim. Which of the following should the security analyst recommend to identify this behavior without alerting any potential malicious actors?
A. Create an IPS rule to block these domains and trigger an alert within the SIEM tool when these domains are requested.
B. Add the domains to a DNS sinkhole and create an alert in the SIEM tool when the domains are queried
C. Look up the IP addresses for these domains and search firewall logs for any traffic being sent to those IPs over port 443
D. Query DNS logs with a SIEM tool for any hosts requesting the malicious domains and create alerts based on this information Most Voted
A threat feed notes malicious actors have been infiltrating companies and exfiltrating data to a specific set of domains
-
answerhappygod
- Site Admin
- Posts: 899604
- Joined: Mon Aug 02, 2021 8:13 am
A threat feed notes malicious actors have been infiltrating companies and exfiltrating data to a specific set of domains
Join a community of subject matter experts. Register for FREE to view solutions, replies, and use search function. Request answer by replying!