CompTIA CySA+ (CS0-001) — Question 109
A cybersecurity analyst is hired to review the security posture of a company. The cybersecurity analyst notices a very high network bandwidth consumption due to SYN floods from a small number of IP addresses.
Which of the following would be the BEST action to take to support incident response?
Answer options
- A. Increase the company's bandwidth.
- B. Apply ingress filters at the routers.
- C. Install a packet capturing tool.
- D. Block all SYN packets.
Correct answer: B
Explanation
The best action is to apply ingress filters at the routers, as this can help prevent SYN flood traffic from reaching the network. Increasing bandwidth would not resolve the underlying issue of the attack, while packet capturing tools and blocking all SYN packets may not effectively mitigate the attack without proper filtering.