Performing CyberOps Using Cisco Security Technologies (CBRCOR) — Question 53
A SOC team receives multiple alerts from a rule that detects requests to malicious URLs, and it informs the incident response team so that the requested malicious URLs can be blocked on the firewall. Which action will improve the effectiveness of the process?
Answer options
- A. Block local to remote HTTP/HTTPS requests on the firewall for users who triggered the rule.
- B. Inform the user by enabling an automated email response when the rule is triggered.
- C. Inform the incident response team by enabling an automated email response when the rule is triggered.
- D. Create an automation script for blocking URLs on the firewall when the rule is triggered.
Correct answer: D
Explanation
The correct answer is D: an automation script blocks the malicious URLs immediately and consistently whenever the rule is triggered, reducing manual intervention and response time. Options A, B, and C do not directly address the need for automated blocking of the URLs, which is crucial for an effective incident response strategy.