A web application team notifies a SOC analyst that there are thousands of HTTP/404 events on the public-facing web server. Which of the following is the next step for the analyst to take?
A. Instruct the firewall engineer that a rule needs to be added to block this external server
B. Escalate the event to an incident and notify the SOC manager of the activity
C. Notify the incident response team that there is a DDoS attack occurring
D. Identify the IP/hostname for the requests and look at the related activity
Identifying the IP/hostname for the requests and looking at the related activity is the first step in understanding the nature of the issue. This step is crucial for making informed decisions about how to respond to the situation.
Once the analyst has gathered more information, they can then decide whether further escalation or actions are necessary, such as alerting the incident response team or notifying higher management.
Identify the IP/hostname for the requests and look at the related activity (D): This is the most prudent first step. By identifying the source of the requests, the analyst can better understand whether this is benign activity, a scanning attempt, or something more malicious.
Did someone pass the exam with the questions presented here? I also noticed only 153 questions available, but it shows 162? How accurate are the questions?
If thousands of 404s are seen, then this is very probably a DDoS attack and the requests will come from a lot of IPs. So identifying these IPs will not help much.
I would go with answer C.
And after this step the FW engineer (answer A) would be involved and start mitigating the situation...
The first task to be performed by the analyst would be to investigate the activity. Once investigated, he should perform any of the other options.
The 404 error code indicates that the requested resource could not be found. The analyst must investigate whether the error is due to a bad link or a missing component.
DDoS attacks would be associated with 50x codes (500 Internal Server Error, 503 Service Unavailable, 504 Gateway Timeout).
OK, so 404 and DoS really usually doesn't make sense (only maybe when a proxy is in between).
Then answer D and investigating the activity makes most sense.
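Added example (not from the question bank or any commenter) of the triage step the discussion converges on: group the 404s by source address and by requested path so that one client probing many missing paths, many clients following one broken link, and a rise in 5xx responses can be told apart before anyone is escalated to. The log lines, thresholds and function names are constructed for this illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample access-log lines (Common Log Format); not from any real server.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 512
203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "GET /old-page.html HTTP/1.1" 404 0
192.0.2.9 - - [10/Oct/2023:13:55:40 +0000] "GET /old-page.html HTTP/1.1" 404 0
198.51.100.7 - - [10/Oct/2023:13:55:41 +0000] "GET /admin/ HTTP/1.1" 404 0
198.51.100.7 - - [10/Oct/2023:13:55:41 +0000] "GET /.env HTTP/1.1" 404 0
198.51.100.7 - - [10/Oct/2023:13:55:42 +0000] "GET /backup.zip HTTP/1.1" 404 0
203.0.113.5 - - [10/Oct/2023:13:55:45 +0000] "GET /api/items HTTP/1.1" 503 0
"""
# Common Log Format: client - user [timestamp] "METHOD path proto" status bytes
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def parse_log(text):
    """Yield (ip, path, status) for each well-formed line; skip anything else."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m["ip"], m["path"], int(m["status"])

def triage_404s(text, scan_min_paths=3, scan_min_ratio=0.8):
    """Separate a single source probing many missing paths (scan-like) from one
    missing path requested by many clients (broken link), and report the 5xx share."""
    statuses = defaultdict(Counter)      # ip -> Counter of status codes
    missing_paths = defaultdict(set)     # ip -> paths that returned 404
    sources_per_path = defaultdict(set)  # 404 path -> ips that requested it
    overall = Counter()
    for ip, path, status in parse_log(text):
        statuses[ip][status] += 1
        overall[status // 100] += 1      # bucket by class: 2xx, 4xx, 5xx
        if status == 404:
            missing_paths[ip].add(path)
            sources_per_path[path].add(ip)
    scanners = sorted(
        ip for ip, c in statuses.items()
        if len(missing_paths[ip]) >= scan_min_paths
        and c[404] / sum(c.values()) >= scan_min_ratio
    )
    shared = {p: len(ips) for p, ips in sources_per_path.items() if len(ips) > 1}
    total = sum(overall.values())
    return {
        "scanners": scanners,                       # investigate related activity
        "shared_missing_paths": shared,             # likely broken link/missing file
        "server_error_share": overall[5] / total if total else 0.0,
    }
```

On the constructed sample, one source is flagged for probing several missing paths, one missing page is shared by two ordinary clients, and the 5xx share stays low, which is the information the analyst needs before choosing between blocking, escalating, or closing the ticket as a broken link.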
CS0-003 Exam Questions