Exam CS0-002 topic 1 question 113 discussion

I'll go with D. For a staging server, I'd want to deny all external connections; which are rules 1, 2, and 5. Lines 3 and 4 allow SSH and DNS connectivity from only the internal network.

This question is dumb...

The best way to isolate and triage the host is to remove rules 1, 2, 3, 4, and 5. These rules allow inbound and outbound traffic on ports 22 (SSH), 80 (HTTP), and 443 (HTTPS) from any source or destination. By removing these rules, the security analyst can block any network communication to or from the host, preventing any further data exfiltration or malware infection. This will also allow the security analyst to perform a forensic analysis on the host without any interference from external sources.

What is DNS crypto mining? While many threats were analyzed, the report found cryptomining generated the most malicious DNS traffic out of any individual category. When placed inside victims' environments, cryptomining malware abuses computing resources to mine for digital currencies like bitcoin, which can be profitable to threat actors.

D is the best answer. Honestly, I would have only removed the last rule if possible.

What ?

Read the question. 10.0.1.25 is SENDING traffic to a BTC related ip... Correct ans is F.

This will block incoming/outgoing.

It says isolating staging environment from external network. You need to remove http and https, but you need to keep ssh and dns because it is used in internal network for the staging environement.

Correct me if I'm wrong, doesn't isolate means "completely alone"? So, how about C?

You dont want 4 and 5 but you also dont want insecure http traffic in any direction. Im going with E.

Block dns and any outbound TCP. I now understnad the question