CompTIA CySA+ (CS0-002) — Question 31
A company's blocklist has outgrown the current technologies in place. The ACLs are at maximum, and the IPS signatures only allow a certain amount of space for domains to be added, creating the need for multiple signatures. Which of the following configuration changes to the existing controls would be the MOST appropriate to improve performance?
Answer options
- A. Implement a host-file-based solution that will use a list of all domains to deny for all machines on the network.
- B. Create an IDS for the current blocklist to determine which domains are showing activity and may need to be removed.
- C. Review the current blocklist and prioritize it based on the level of threat severity. Add the domains with the highest severity to the blocklist and remove the lower-severity threats from it.
- D. Review the current blocklist to determine which domains can be removed from the list and then update the ACLs and IPS signatures.
Correct answer: D
Explanation
The correct answer, D, is appropriate because it optimizes the current blocklist by removing entries that are no longer needed, freeing space in the ACLs and IPS signatures (and reducing the number of signatures required) without adding new technology. Options A and B do not address the core issue, which is that the blocklist has exceeded the capacity of the existing controls. Option C prioritizes threats by severity, but it does not resolve the capacity limitations of the existing controls.