
Exam SY0-601 topic 1 question 379 discussion

Actual exam question from CompTIA's SY0-601
Question #: 379
Topic #: 1

Multiple beaconing activities to a malicious domain have been observed. The malicious domain is hosting malware from various endpoints on the network. Which of the following technologies would be BEST to correlate the activities between the different endpoints?

  • A. Firewall
  • B. SIEM
  • C. IPS
  • D. Protocol analyzer
Suggested Answer: B

Comments

Ranaer
Highly Voted 2 years, 2 months ago
Selected Answer: B
Correlate > SIEM.
upvoted 10 times
...
ApplebeesWaiter1122
Highly Voted 1 year, 10 months ago
A SIEM system is designed to collect, analyze, and correlate log data from various sources within an organization's network, including endpoints, servers, firewalls, and other security devices. It provides real-time monitoring and analysis of security events, allowing security analysts to identify and respond to potential threats. In this case, the SIEM can collect logs from the various endpoints on the network that are communicating with the malicious domain. By correlating the activities across these endpoints, the SIEM can provide a comprehensive view of the beaconing activities and help identify the extent of the infection. It can also generate alerts or triggers based on predefined rules or patterns, enabling timely incident response and mitigation actions.
upvoted 7 times
...
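The correlation step the comment above describes, as an added example that is not part of the original thread: a small Python routine that does what a SIEM correlation rule would do, grouping constructed proxy log lines (the `SAMPLE_LOGS` string, format `<epoch> <host> <domain>`, is made up for this example) by endpoint and destination, flagging endpoints whose connections to a domain are periodic, and then reporting domains that several endpoints beacon to. The hostnames, domains, timestamps and thresholds are all assumptions.

```python
"""SIEM-style correlation of beaconing across endpoints (added example)."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample proxy log lines (not real traffic): "<epoch> <src_host> <dest_domain>".
# ws-01 and ws-02 contact "bad.example" roughly every 60 s (a beacon pattern);
# ws-03 contacts it once; ws-07 browses "news.example" at irregular intervals.
SAMPLE_LOGS = """\
1700000000 ws-01 bad.example
1700000000 ws-07 news.example
1700000060 ws-01 bad.example
1700000033 ws-07 news.example
1700000120 ws-01 bad.example
1700000005 ws-02 bad.example
1700000301 ws-07 news.example
1700000066 ws-02 bad.example
1700000180 ws-01 bad.example
1700000125 ws-02 bad.example
1700000186 ws-02 bad.example
1700000902 ws-07 news.example
1700000010 ws-03 bad.example
"""


def parse_logs(text):
    """Turn log text into (timestamp, host, domain) tuples, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # a real SIEM would raise a parse-failure metric here
        try:
            ts = int(parts[0])
        except ValueError:
            continue
        events.append((ts, parts[1], parts[2]))
    return events


def is_periodic(timestamps, min_events=4, max_cv=0.25):
    """True when the gaps between events are regular (low coefficient of variation).

    Beacons phone home on a fixed timer (often with small jitter), so the
    standard deviation of the inter-arrival gaps stays small relative to the mean.
    """
    if len(timestamps) < min_events:
        return False
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    avg = mean(gaps)
    if avg <= 0:
        return False
    return pstdev(gaps) / avg <= max_cv


def correlate_beacons(text, min_hosts=2, min_events=4, max_cv=0.25):
    """Map each domain to the sorted list of hosts that beacon to it periodically.

    Only domains beaconed to by at least `min_hosts` distinct endpoints are
    returned: that cross-endpoint view is what a single host's firewall or IPS
    log cannot provide.
    """
    per_pair = defaultdict(list)
    for ts, host, domain in parse_logs(text):
        per_pair[(host, domain)].append(ts)

    beaconing_hosts = defaultdict(set)
    for (host, domain), stamps in per_pair.items():
        if is_periodic(stamps, min_events, max_cv):
            beaconing_hosts[domain].add(host)

    return {d: sorted(h) for d, h in beaconing_hosts.items() if len(h) >= min_hosts}


if __name__ == "__main__":
    for domain, hosts in correlate_beacons(SAMPLE_LOGS).items():
        print(f"{domain}: beaconing from {', '.join(hosts)}")
```

On the constructed input the only correlated finding is `bad.example` with hosts `ws-01` and `ws-02`; `ws-03` made a single request and is not flagged on its own, and the irregular `news.example` traffic is ignored. In a production SIEM the same logic would run as a scheduled rule over a time window, with the thresholds tuned to the environment's normal update and telemetry traffic, which is also periodic.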
TONADO
Most Recent 1 year, 6 months ago
I go with B: SIEM entails collection, aggregation and correlation.
upvoted 1 times
...
add0109
1 year, 8 months ago
Selected Answer: B
A SIEM system is designed to collect, analyze, and correlate log data from various sources within an organization's network, including endpoints, servers, firewalls, and other security devices. It provides real-time monitoring and analysis of security events, allowing security analysts to identify and respond to potential threats.
upvoted 1 times
...
i_luv_stoneface
2 years, 2 months ago
Selected Answer: B
Trust.
upvoted 4 times
...
sdc939
2 years, 2 months ago
B. SIEM
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)