CompTIA CySA+ (CS0-002) — Question 233
A security analyst is monitoring a company’s network traffic and finds ping requests going to accounting and human resources servers from a SQL server. Upon investigation, the analyst discovers a technician responded to potential network connectivity issues. Which of the following is the best way for the security analyst to respond?
Answer options
- A. Report this activity as a false positive, as the activity is legitimate.
- B. Isolate the system and begin a forensic investigation to determine what was compromised.
- C. Recommend network segmentation to the management team as a way to secure the various environments.
- D. Implement host-based firewalls on all systems to prevent ping sweeps in the future.
Correct answer: A
Explanation
The correct answer is A because the activity is legitimate and was initiated by a technician for network troubleshooting. Options B and D suggest unnecessary drastic measures, while option C, although a good security practice, does not address the immediate issue of the legitimate traffic.