Logo
Home Study Material Contact Search
AI Chat FREE
  1. computer science
  2. programming
  3. the soc has noticed an unusual volume of traffic c

The SOC has noticed an unusual volume of traffic coming from an open wi-fi guest Network...

60.1K

Verified Solution

Question

Programming

The SOC has noticed an unusual volume of traffic comingfrom an open wi-fi guest Network that appears correlated with aborder Network slow down. The network team is unable to capturetraffic, but logs from Network Services are available.

  • No users have authenticated recently there was a guestnetworks captive portal

  • DDoS mitigation systems are not alerting

  • DNS resolver logs show some very long domainnames

Which of the following is the best step for securityanalysis to take next?

  1. Block all outbound traffic from the guest Network at theborder firewall

  2. verify the passphrase on the guest network has not beenchanged

  3. search antivirus logs for evidence of compromise companydevice

  4. review access point logs to identify potential a zombieservices

Answer & Explanation Solved by verified expert
4.1 Ratings (621 Votes)
Block all outbound traffic from the guest Network at the border firewall is the best step Security Analysis take Firewalls NextGeneration Firewalls NFGW and Web Application Firewalls WAFFirewalls are a standard part of any cybersecurity arsenal Two new technologies are complementing or replacing the traditional firewall NGFWextends the firewall by providing intrusion prevention and intrusion detection with deep packet inspection capabilities NGFWs can block threats at the network edge using techniques like URL filtering behavioral analysis and geolocation filtering They use a reverse proxy to terminate connections and inspect content before it reaches a web server WAFa WAF is deployed in front of web applications inspects traffic and identifies traffic patterns that may represent malicious activity A WAF can detect attacks while minimizing false positives by learning acceptable URLs parameters and user inputs and uses this data to identify traffic or inputs that deviate from the norm These technologies are leveraged in the modern SOC to reduce the attack profile of websites a and web applications and gather higher quality data about legitimate and malicious traffic hitting critical web properties Endpoint Detection and Response EDR EDR is a new category of tools that helps SOC teams respond to attacks on endpoints like user workstations mobile phones servers or IoT devices These tools are built around the assumption that attacks will happen and that the SOC team usually has very limited visibility and control into whats happening on a remote endpoint EDR solutions are deployed on endpoints provide instant accurate data about malicious activity and gives SOC teams remote control over    See Answer
Get Answers to Unlimited Questions

Join us to gain access to millions of questions and expert answers. Enjoy exclusive benefits tailored just for you!

Membership Benefits:
  • Unlimited Question Access with detailed Answers
  • Zin AI - 3 Million Words
  • 10 Dall-E 3 Images
  • 20 Plot Generations
  • Conversation with Dialogue Memory
  • No Ads, Ever!
  • Access to Our Best AI Platform: Flex AI - Your personal assistant for all your inquiries!
Become a Member

Other questions asked by students

Q

What are strengths and weaknesses of each of the major types of epidemiologic study? -Randomized controlled trial –...

Biology
Q

Give an example of a situation you have been in where Groupthink or Groupshift has occurred....

Psychology
Q

1. Metrosexual can be defined as: A. A new expression of heterosexual masculinity that is anti-sexist and...

Psychology
Q

Create a comparative table of advantages and disadvantages of active, passive and digital filters.

Electrical Engineering
Q

1. Draw a 3-D sketch of the pallet unit load on a wood pallet. Include dimensions...

Advance Math
Q

A student finds that the weight of an empty beaker is 16 600 g She...

Basic Math
Q

Solve sin(x)There are two solutions, A and B, with A

Calculus
Q

68 1 4i 68 1 4i Simplify your onewer Tyng your cou Em

Algebra
Q

Polaski Company manufactures and sells a single product called a Ret. Operating...

Accounting
Q

12/31/2015 9300 Dellau are left for food in the indetery 12/21/zas $23,000 Dollare in pige...

Accounting
Q

Grossman Products began operations in 2024. The following selected transactions occurred from September 2024 through...

Accounting
Q

Suppose that at the start of 2015 the dollar/pound exchange rate was $2/1. One year...

Finance