CySA+ CS0-001 – Q. 131

A computer has been infected with a virus and is sending out a beacon to a command and control server through an unknown service. Which of the following should a security technician implement to drop the traffic going to the command and control server and still be able to identify the infected host through firewall logs?

A. Sinkhole
B. Block ports and services
C. Patches
D. Endpoint security

Explanation/Reference:
https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Configure-DNS-Sinkhole/ta-p/58891
