
A SOC analyst observes reconnaissance activity from an IP address.

A SOC analyst observes reconnaissance activity from an IP address. The activity follows a pattern of short bursts toward a low number of targets. An open-source review shows that the IP has a bad reputation. The perimeter firewall logs indicate the inbound traffic was allowed. The destination hosts are high-value assets with EDR agents installed. Which of the following is the best action for the SOC to take to protect against any further activity from the source IP?

A. Add the IP address to the EDR deny list.

B. Create a SIEM signature to trigger on any activity from the source IP subnet detected by the web proxy or firewalls for immediate notification.

C. Implement a prevention policy for the IP on the WAF.

D. Activate the scan signatures for the IP on the NGFWs.

CompTIA CS0-003 Summary

  • Vendor: CompTIA
  • Product: CS0-003
  • Update on: Feb 7, 2026
  • Questions: 433