CS0-003 Exam Dumps | A SOC analyst observes reconnaissance activity from an IP address. The activity follows a pattern of

Home
Curam Software
CompTIA Cybersecurity Analyst (CySA+) Certification Exam
CuramSoftware.CS0-003.v2025-03-31.q179
Question 111

Valid CS0-003 Dumps shared by ExamDiscuss.com for Helping Passing CS0-003 Exam! ExamDiscuss.com now offer the newest CS0-003 exam dumps, the ExamDiscuss.com CS0-003 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com CS0-003 dumps with Test Engine here:

Access CS0-003 Dumps Premium Version
(622 Q&As Dumps, 35%OFF Special Discount Code: freecram)

<< Prev Question Next Question >>

Question 111/179

A SOC analyst observes reconnaissance activity from an IP address. The activity follows a pattern of short bursts toward a low number of targets. An open-source review shows that the IP has a bad reputation. The perimeter firewall logs indicate the inbound traffic was allowed. The destination hosts are high-value assets with EDR agents installed. Which of the following is the best action for the SOC to take to protect against any further activity from the source IP?

A. Add the IP address to the EDR deny list.

B. Create a SIEM signature to trigger on any activity from the source IP subnet detected by the web proxy or firewalls for immediate notification.

C. Implement a prevention policy for the IP on the WAF.

D. Activate the scan signatures for the IP on the NGFWs.

Correct Answer: A

Blocking the IP address at the EDR (Endpoint Detection and Response) level provides an immediate, targeted response to the detected reconnaissance activity, preventing further interaction with the high-value assets.
EDR tools are designed to detect and block malicious IPs across endpoints. According to CompTIA CySA+, this proactive step is effective for isolating and mitigating threats on specific endpoints. While creating SIEM signatures (B) is useful for monitoring, and policies on WAF (C) and NGFWs (D) can provide additional layers of defense, the most immediate protective action is to block at the endpoint level.

Your email address will not be published. Required fields are marked *

Comment: *

Name: *

Email: *

Rating: *

Verification: *

Question List (179q): Question 1: Which of the following would an organization use to develop ...; Question 2: A disgruntled open-source developer has decided to sabotage ...; Question 3: Which of the following tools would work best to prevent the ...; Question 4: A systems administrator notices unfamiliar directory names o...; Question 5: A security analyst is reviewing events that occurred during ...; Question 6: During an incident, analysts need to rapidly investigate by ...; Question 7: A security analyst scans a host and generates the following ...; Question 8: While reviewing the web server logs a security analyst notic...; Question 9: Which of the following would help an analyst to quickly find...; Question 10: A high volume of failed RDP authentication attempts was logg...; Question 11: Joe, a leading sales person at an organization, has announce...; Question 12: A managed security service provider is having difficulty ret...; Question 13: A company is in the process of implementing a vulnerability ...; Question 14: Which of the following is the best action to take after the ...; Question 15: A Chief Information Security Officer wants to implement secu...; Question 16: A systems administrator needs to gather security events with...; Question 17: A vulnerability scan of a web server that is exposed to the ...; Question 18: An organization conducted a web application vulnerability as...; Question 19: In the last hour, a high volume of failed RDP authentication...; Question 20: A vulnerability analyst received a list of system vulnerabil...; Question 21: An analyst reviews a recent government alert on new zero-day...; Question 22: A small company does no! have enough staff to effectively se...; Question 23: Which of the following is the best way to begin preparation ...; Question 24: An incident response analyst is taking over an investigation...; Question 25: Given the following CVSS string- CVSS:3.0/AV:N/AC:L/PR:N/UI:...; Question 26: During security scanning, a security analyst regularly finds...; Question 27: A SOC receives several alerts indicating user accounts are c...; Question 28: A cybersecurity team lead is developing metrics to present i...; Question 29: Which of the following makes STIX and OpenloC information re...; Question 30: A company is implementing a vulnerability management program...; Question 31: Which of following would best mitigate the effects of a new ...; Question 32: After a security assessment was done by a third-party consul...; Question 33: An incident responder was able to recover a binary file thro...; Question 34: A security analyst needs to ensure that systems across the o...; Question 35: During a security test, a security analyst found a critical ...; Question 36: An employee is no longer able to log in to an account after ...; Question 37: A web application team notifies a SOC analyst that there are...; Question 38: A payroll department employee was the target of a phishing a...; Question 39: An analyst finds that an IP address outside of the company n...; Question 40: During an internal code review, software called "ACE" was di...; Question 41: A company has a primary control in place to restrict access ...; Question 42: A technician is analyzing output from a popular network mapp...; Question 43: An analyst is conducting monitoring against an authorized te...; Question 44: A Chief Information Security Officer wants to lock down the ...; Question 45: Which of the following best describes the process of requiri...; Question 46: During an extended holiday break, a company suffered a secur...; Question 47: A laptop that is company owned and managed is suspected to h...; Question 48: The Chief Information Security Officer wants to eliminate an...; Question 49: Which of the following would likely be used to update a dash...; Question 50: An organization identifies a method to detect unexpected beh...; Question 51: A security analyst is trying to detect connections to a susp...; Question 52: A security team is concerned about recent Layer 4 DDoS attac...; Question 53: A security analyst detects an exploit attempt containing the...; Question 54: A security analyst performs a vulnerability scan. Based on t...; Question 55: An analyst is evaluating the following vulnerability report:...; Question 56: A company is in the process of implementing a vulnerability ...; Question 57: An analyst investigated a website and produced the following...; Question 58: An organization is conducting a pilot deployment of an e-com...; Question 59: Which of the following is the best framework for assessing h...; Question 60: A security analyst observed the following activity from a pr...; Question 61: A vulnerability analyst is writing a report documenting the ...; Question 62: An incident response team is working with law enforcement to...; Question 63: The developers recently deployed new code to three web serve...; Question 64: A cybersecurity analyst is recording the following details *...; Question 65: Which of the following is the most important reason for an i...; Question 66: A security team identified several rogue Wi-Fi access points...; Question 67: A SOC manager receives a phone call from an upset customer. ...; Question 68: Which of the following best explains the importance of the i...; Question 69: A systems administrator is reviewing after-hours traffic flo...; Question 70: A new cybersecurity analyst is tasked with creating an execu...; Question 71: Which of the following entities should an incident manager w...; Question 72: Which of the following describes the best reason for conduct...; Question 73: The Chief Information Security Officer (CISO) of a large man...; Question 74: An organization has a critical financial application hosted ...; Question 75: A security analyst is validating a particular finding that w...; Question 76: A company receives a penetration test report summary from a ...; Question 77: A company has decided to expose several systems to the inter...; Question 78: You are a cybersecurity analyst tasked with interpreting sca...; Question 79: An analyst is reviewing a vulnerability report and must make...; Question 80: A security analyst detected the following suspicious activit...; Question 81: A cybersecurity analyst is doing triage in a SIEM and notice...; Question 82: A security analyst is trying to identify possible network ad...; Question 83: Which of the following is a reason why proper handling and r...; Question 84: An analyst is conducting routine vulnerability assessments o...; Question 85: An analyst has been asked to validate the potential risk of ...; Question 86: During a tabletop exercise, engineers discovered that an ICS...; Question 87: The SOC received a threat intelligence notification indicati...; Question 88: Which of the following items should be included in a vulnera...; Question 89: An analyst is reviewing a dashboard from the company's SIEM ...; Question 90: Which of the following responsibilities does the legal team ...; Question 91: A company's user accounts have been compromised. Users are a...; Question 92: Which of the following best describes the reporting metric t...; Question 93: A report contains IoC and TTP information for a zero-day exp...; Question 94: A security analyst is reviewing the following alert that was...; Question 95: A Chief Information Security Officer has outlined several re...; Question 96: An organization has noticed large amounts of data are being ...; Question 97: A company has the following security requirements: . No publ...; Question 98: A security alert was triggered when an end user tried to acc...; Question 99: When undertaking a cloud migration of multiple SaaS applicat...; Question 100: Which of the following is often used to keep the number of a...; Question 101: A cybersecurity analyst has recovered a recently compromised...; Question 102: A security analyst identified the following suspicious entry...; Question 103: A zero-day command injection vulnerability was published. A ...; Question 104: AXSS vulnerability was reported on one of the non-sensitive/...; Question 105: A penetration tester submitted data to a form in a web appli...; Question 106: A security analyst received a malicious binary file to analy...; Question 107: Which of the following best describes the goal of a disaster...; Question 108: After conducting a cybersecurity risk assessment for a new s...; Question 109: An attacker has just gained access to the syslog server on a...; Question 110: An analyst is becoming overwhelmed with the number of events...; Question 111: A SOC analyst observes reconnaissance activity from an IP ad...; Question 112: A security analyst is reviewing the findings of the latest v...; Question 113: The Chief Information Security Officer is directing a new pr...; Question 114: During an incident, a security analyst discovers a large amo...; Question 115: A cybersecurity analyst notices unusual network scanning act...; Question 116: An analyst recommends that an EDR agent collect the source I...; Question 117: A cybersecurity analyst is reviewing SIEM logs and observes ...; Question 118: A penetration tester is conducting a test on an organization...; Question 119: An analyst is examining events in multiple systems but is ha...; Question 120: A SIEM alert is triggered based on execution of a suspicious...; Question 121: An analyst investigated a website and produced the following...; Question 122: An organization's website was maliciously altered. INSTRUCTI...; Question 123: A company recently experienced a security incident. The secu...; Question 124: A security analyst has found the following suspicious DNS tr...; Question 125: After completing a review of network activity. the threat hu...; Question 126: Which of the following is the best metric for an organizatio...; Question 127: A security analyst at a company called ACME Commercial notic...; Question 128: While a security analyst for an organization was reviewing l...; Question 129: Which of the following should be updated after a lessons-lea...; Question 130: Which of the following describes how a CSIRT lead determines...; Question 131: An organization recently changed its BC and DR plans. Which ...; Question 132: A systems administrator is reviewing the output of a vulnera...; Question 133: Which of the following best describes the importance of impl...; Question 134: Following a recent security incident, the Chief Information ...; Question 135: A security analyst is performing an investigation involving ...; Question 136: While configuring a SIEM for an organization, a security ana...; Question 137: Which of the following is an important aspect that should be...; Question 138: Which of the following would a security analyst most likely ...; Question 139: Which of the following is the best reason to implement an MO...; Question 140: The Chief Executive Officer of an organization recently hear...; Question 141: Which of the following best describes the key goal of the co...; Question 142: The security analyst received the monthly vulnerability repo...; Question 143: An organization enabled a SIEM rule to send an alert to a se...; Question 144: A security analyst has found a moderate-risk item in an orga...; Question 145: An analyst is suddenly unable to enrich data from the firewa...; Question 146: After identifying a threat, a company has decided to impleme...; Question 147: An organization has tracked several incidents that are liste...; Question 148: An analyst is designing a message system for a bank. The ana...; Question 149: Which of the following best describes the goal of a tabletop...; Question 150: A security analyst performs various types of vulnerability s...; Question 151: Which of the following most accurately describes the Cyber K...; Question 152: A list of loCs released by a government security organizatio...; Question 153: The management team requests monthly KPI reports on the comp...; Question 154: An organization's threat intelligence team notes a recent tr...; Question 155: Which of the following statements best describes the MITRE A...; Question 156: A security analyst discovers an LFI vulnerability that can b...; Question 157: An email hosting provider added a new data center with new p...; Question 158: An incident response analyst is investigating the root cause...; Question 159: A recent penetration test discovered that several employees ...; Question 160: A threat hunter seeks to identify new persistence mechanisms...; Question 161: While reviewing web server logs, a security analyst discover...; Question 162: New employees in an organization have been consistently plug...; Question 163: Exploit code for a recently disclosed critical software vuln...; Question 164: Due to reports of unauthorized activity that was occurring o...; Question 165: Following an incident, a security analyst needs to create a ...; Question 166: Which of the following security operations tasks are ideal f...; Question 167: A security analyst is reviewing the logs of a web server and...; Question 168: A cybersecurity team has witnessed numerous vulnerability ev...; Question 169: Results of a SOC customer service evaluation indicate high l...; Question 170: An analyst notices there is an internal device sending HTTPS...; Question 171: A SOC analyst determined that a significant number of the re...; Question 172: An analyst discovers unusual outbound connections to an IP t...; Question 173: A security analyst is trying to validate the results of a we...; Question 174: An organization was compromised, and the usernames and passw...; Question 175: An analyst finds that an IP address outside of the company n...; Question 176: During an incident, some loCs of possible ransomware contami...; Question 177: A company is launching a new application in its internal net...; Question 178: A security analyst is writing a shell script to identify IP ...; Question 179: Which of the following risk management principles is accompl...

[×]

Download PDF File

Enter your email address to download CuramSoftware.CS0-003.v2025-03-31.q179.pdf

Email:

Disclaimer:
Freecram doesn't offer Real GIAC Exam Questions. Freecram doesn't offer Real SAP Exam Questions. Freecram doesn't offer Real (ISC)² Exam Questions. Freecram doesn't offer Real CompTIA Exam Questions. Freecram doesn't offer Real Microsoft Exam Questions.
Oracle and Java are registered trademarks of Oracle and/or its affiliates.
Freecram material do not contain actual actual Oracle Exam Questions or material.
Microsoft®, Azure®, Windows®, Windows Vista®, and the Windows logo are registered trademarks of Microsoft Corporation.
Freecram Materials do not contain actual questions and answers from Cisco's Certification Exams. The brand Cisco is a registered trademark of CISCO, Inc.
CFA Institute does not endorse, promote or warrant the accuracy or quality of these questions. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
Freecram does not offer exam dumps or questions from actual exams. We offer learning material and practice tests created by subject matter experts to assist and help learners prepare for those exams. All certification brands used on the website are owned by the respective brand owners. Freecram does not own or claim any ownership on any of the brands.

Question 111/179

LEAVE A REPLY

Download PDF File