CompTIA Security+ (SY0-601) — Question 155

Which of the following would be MOST effective to contain a rapidly spreading attack that is affecting a large number of organizations?

Answer options

Correct answer: B

Explanation

The correct answer, a DNS sinkhole, effectively redirects malicious traffic away from affected systems, limiting the spread of the attack. Machine learning, while useful for detection, does not actively contain threats. A blocklist can block known bad IPs but may not be effective against rapidly changing attack vectors. A honeypot is primarily for detection and research and does not actively mitigate ongoing attacks.