CompTIA CySA+ (CS0-003) — Question 17
A cybersecurity analyst notices unusual network scanning activity coming from a country that the company does not do business with. Which of the following is the best mitigation technique?
Answer options
- A. Geoblock the offending source country.
- B. Block the IP range of the scans at the network firewall.
- C. Perform a historical trend analysis and look for similar scanning activity.
- D. Block the specific IP address of the scans at the network firewall.
Correct answer: A
Explanation
Geoblocking the source country is the best approach: the company does no business with that country, and the geoblock prevents any traffic from that region, effectively stopping potential threats. Blocking the IP range or the specific IP address might not be as effective if the attacker switches to different IPs or ranges. Performing a historical trend analysis, while useful for insight, does not actively mitigate the current threat.