CompTIA CySA+ (CS0-002) — Question 114

During an investigation, a security analyst determines suspicious activity occurred during the night shift over the weekend. Further investigation reveals the activity was initiated from an internal IP going to an external website. Which of the following would be the MOST appropriate recommendation to prevent similar activity from happening in the future?

Answer options

• A. An IPS signature modification for the specific IP addresses
• B. An IDS signature modification for the specific IP addresses
• C. A firewall rule that will block port 80 traffic
• D. Implement a WAF to restrict malicious web content

Correct answer: A

Explanation

The correct answer is A because modifying an IPS signature for the specific IP addresses can actively prevent further suspicious activities by blocking them before they reach their destination. Options B and D do not directly address the prevention of the specific threat identified, and option C may block legitimate traffic rather than focusing on the malicious activity from the internal source.