Exam SY0-601: CompTIA Security+ | Question: Identifying Malicious IP and Preventing Connections


Question

An organization identifies a number of hosts making outbound connections to a known malicious IP over port TCP 80.

The organization wants to identify the data being transmitted and prevent future connections to this IP.

Which of the following should the organization do to achieve this outcome?

Answers

A. Use a protocol analyzer to reconstruct the data and implement a web-proxy.
B. Deploy a web-proxy and then blacklist the IP on the firewall.
C. Deploy a web-proxy and implement IPS at the network edge.
D. Use a protocol analyzer to reconstruct the data and blacklist the IP on the firewall.

Explanations

Correct answer: D.

The organization has found a number of hosts on its network connecting to a known malicious IP address over TCP port 80. It has two requirements: identify what data is being transmitted to that IP, and prevent any further connections to it. The right answer must satisfy both.

Option A suggests using a protocol analyzer to reconstruct the data and implementing a web-proxy. A protocol analyzer (Wireshark or tcpdump, for example) captures the traffic and reassembles the TCP streams, so the organization can see exactly what was sent to the malicious IP. That satisfies the first requirement. A web-proxy, however, only controls traffic that is actually sent through it: it can block HTTP requests to the malicious IP from clients configured to use the proxy, but hosts that connect directly, or malware that speaks something other than HTTP over port 80 precisely to avoid inspection, are not stopped. For the second requirement it is a weaker control than a network-level block.

Option B suggests deploying a web-proxy and then blacklisting the IP on the firewall. Blacklisting the IP on the firewall prevents future connections, and the proxy adds a second layer of control for HTTP, but neither component captures or reconstructs the data that has already been transmitted. This option addresses only the second requirement.

Option C suggests deploying a web-proxy and implementing an IPS (Intrusion Prevention System) at the network edge. An IPS inspects traffic against signatures and can drop connections that match a rule, so it could be configured to block the malicious IP. What neither component does is reconstruct the sessions so an analyst can determine what data left the network; an IPS alerts on and blocks matching traffic, it is not an analysis tool for the payloads of connections that have already happened. This option meets the second requirement but not the first.

Option D suggests using a protocol analyzer to reconstruct the data and blacklisting the IP on the firewall. The protocol analyzer identifies the data being transmitted, as in option A, and a firewall rule blocking the IP prevents future connections from every host behind the firewall, regardless of which application or port the malware uses. Both requirements are met with the least additional infrastructure. In practice, capture the traffic first and then add the block, since once the rule is in place there is no further data to reconstruct; write the rule for all traffic to the IP rather than only TCP 80, so the attacker cannot sidestep it by changing ports; and log hits on the deny rule, because each hit identifies a host that is still trying to reach the IP and needs remediation.

Based on the above, the correct answer is Option D: use a protocol analyzer to reconstruct the data and blacklist the IP on the firewall.
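As an added worked example (not part of the original exam page or its explanation), here is what the two halves of option D look like in code: reassembling a captured TCP stream in sequence order, as a protocol analyzer's follow-stream view does, to read what was posted to the IP, and then generating firewall rules that deny all traffic to it. The capture, the internal hosts, and the address 203.0.113.45 (a TEST-NET-3 documentation address) are constructed sample data, and the rule syntax assumes a Linux iptables firewall.

```python
"""Added example, not from the exam page: reconstruct the data sent to a
malicious IP from captured TCP segments, then emit firewall rules that
block it. The capture below is constructed sample data; 203.0.113.45 is a
TEST-NET-3 documentation address standing in for the known-bad IP."""
from dataclasses import dataclass
import ipaddress

MALICIOUS_IP = "203.0.113.45"   # assumption: stands in for the known-bad IP


@dataclass(frozen=True)
class Segment:
    """One captured TCP segment, reduced to what stream-following needs."""
    src: str
    dst: str
    dport: int
    seq: int          # sequence number of the first payload byte
    payload: bytes


def split_stream(src, dst, dport, isn, data, sizes):
    """Cut one direction of a conversation into segments with correct
    sequence numbers, the way a capture of it would contain them."""
    segs, offset = [], 0
    for size in sizes + [len(data) - sum(sizes)]:
        segs.append(Segment(src, dst, dport, isn + offset, data[offset:offset + size]))
        offset += size
    return [s for s in segs if s.payload]


# Constructed sample traffic: two internal hosts talk to the bad IP on port
# 80, a third talks to an internal server. Stream A is deliberately listed
# out of order and with one segment retransmitted.
BODY_A = b"user=jsmith&file=payroll_q3.xlsx"
STREAM_A = (b"POST /upload HTTP/1.1\r\nHost: " + MALICIOUS_IP.encode() + b"\r\n"
            b"Content-Type: application/x-www-form-urlencoded\r\n"
            b"Content-Length: " + str(len(BODY_A)).encode() + b"\r\n\r\n" + BODY_A)
STREAM_B = b"GET /beacon?id=ws-0012 HTTP/1.1\r\nHost: " + MALICIOUS_IP.encode() + b"\r\n\r\n"
STREAM_C = b"GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n"
_a = split_stream("10.0.0.7", MALICIOUS_IP, 80, 1000, STREAM_A, [40, 40, 30])
_b = split_stream("10.0.0.12", MALICIOUS_IP, 80, 5000, STREAM_B, [20])
_c = split_stream("10.0.0.9", "10.0.0.1", 80, 700, STREAM_C, [])
CAPTURE = _a[::-1] + [_a[1]] + _b + _c


def hosts_talking_to(capture, ip):
    """Which internal hosts sent anything to the IP (scopes the incident)."""
    return sorted({s.src for s in capture if s.dst == ip})


def follow_stream(capture, src, dst, dport):
    """Reassemble one direction of a TCP stream in sequence order, dropping
    retransmitted bytes, as a protocol analyzer's follow-stream view does.
    Returns (data, gaps); gaps lists (offset, length) of bytes the capture
    never saw, which are filled with '?' rather than invented."""
    segs = sorted((s for s in capture if (s.src, s.dst, s.dport) == (src, dst, dport)),
                  key=lambda s: s.seq)
    if not segs:
        return b"", []
    data, gaps, expected = bytearray(), [], segs[0].seq
    for s in segs:
        end = s.seq + len(s.payload)
        if end <= expected:               # pure retransmission, nothing new
            continue
        if s.seq > expected:              # hole in the capture
            gaps.append((len(data), s.seq - expected))
            data += b"?" * (s.seq - expected)
        data += s.payload[max(0, expected - s.seq):]   # skip overlapping bytes
        expected = end
    return bytes(data), gaps


def parse_http_request(raw):
    """Split a reconstructed request into method, target, headers and body
    so the transmitted content can be read without guessing byte offsets."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    method, target, _version = lines[0].split(b" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode()] = value.strip().decode()
    return {"method": method.decode(), "target": target.decode(),
            "headers": headers, "body": body}


def firewall_block_rules(ip):
    """iptables rules (assumed Linux firewall) denying all traffic to the IP,
    inserted at the top of the chains. The address is validated first so a
    typo or injected text can never become a rule, and every port is
    blocked, not just 80, because the attacker chooses the port."""
    addr = ipaddress.ip_address(ip)       # raises ValueError on anything else
    return [f"iptables -I OUTPUT 1 -d {addr} -j DROP",
            f"iptables -I FORWARD 1 -d {addr} -j DROP"]


if __name__ == "__main__":
    for host in hosts_talking_to(CAPTURE, MALICIOUS_IP):
        data, gaps = follow_stream(CAPTURE, host, MALICIOUS_IP, 80)
        req = parse_http_request(data)
        print(f"{host}: {req['method']} {req['target']} body={req['body']!r} gaps={gaps}")
    print("\n".join(firewall_block_rules(MALICIOUS_IP)))
```

Run stand-alone, the script lists the two internal hosts that reached the IP, shows that 10.0.0.7 posted a form containing a file name to /upload while 10.0.0.12 only polled a beacon URL, and prints the two DROP rules. The gap handling matters in practice: a capture started after the first connection will be missing bytes, and the reconstruction should say so rather than silently concatenate what it has.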