While a threat intelligence analyst was researching an indicator of compromise on a search engine, the web proxy generated an alert regarding the same indicator. The threat intelligence analyst states that related sites were not visited but were searched for in a search engine. Which of the following MOST likely happened in this situation?
A. The analyst is not using the standard approved browser.
B. The analyst accidently clicked a link related to the indicator.
C. The analyst has prefetch enabled on the browser in use.
D. The alert in unrelated to the analyst’s search.
CS0-002: CompTIA CySA+ ExamFULL Printable PDF and Software. VALID exam to help you PASS. |
 |
From Jason Dion:
“In order to meet the requirement to monitor all traffic to and from the network’s gateway, it is best to utilize a network intrusion detection system (NIDS) that monitors the external interface of the gateway router. In order to be able to block certain types of content, it is best to install a firewall on the internal interface, where ACLs can be established for those traffic types”
Ignore the above, meant for a previous question