An organization subscribes to multiple third-party security intelligence feeds. It receives a notification from one of these feeds indicating a zero-day malware attack is impacting the SQL server prior to SP 2. The notification also indicates that infected systems attempt to communicate to external IP addresses on port 2718 to download additional payload. After consulting with the organization's database administrator, it is determined that there are several SQL servers that are still on SP 1, and none of the SQL servers would normally communicate over port 2718. Which of the following is the BEST mitigation step to implement until the SQL servers can be upgraded to SP 2 with minimal impact to the network? A. Create alert rules on the IDS for all outbound traffic on port 2718 from the IP addresses if the SQL servers running SQL SP 1 B. On the organization's firewalls, create a new rule that blocks outbound traffic on port 2718 from the IP addresses of the servers running SQL SP 1 C. Place all the SQL servers running SP 1 on a separate subnet On the firewalls, create a new rule blocking connections to destination addresses external to the organization's network D. On the SQL servers running SP 1, install vulnerability scanning software  Suggested Answer: B This question is in CS0-001 CompTIA Cybersecurity Analyst (CySA+) Exam For getting CompTIA Cybersecurity Analyst (CySA+) Certificate Disclaimers: The website is not related to, affiliated with, endorsed or authorized by CompTIA. Trademarks, certification & product names are used for reference only and belong to CompTIA. The website does not contain actual questions and answers from CompTIA's Certification Exams.
Please login or Register to submit your answer
