I think the answer is C. It just makes the most sense to me. I mean, what's the point of having a correlation rule if it doesn't do anything when it's triggered? You'd have to be a real 'network traffic' to think otherwise.
This is a tricky one. I was tempted to choose B, but blocking the network traffic doesn't seem like the right response. I'm gonna go with C, just to be on the safe side.
Hmm, I'm not sure. I'm leaning towards D, but I could be wrong. An event being logged to the Correlation Policy Management table does seem like a logical outcome.
I think C is the correct answer. The Defense Center should generate a correlation event and initiate any configured responses when the network traffic meets the criteria specified in the correlation rule.
Joanna
4 months agoFletcher
3 months agoNorah
3 months agoLanie
3 months agoRuby
4 months agoOdette
5 months agoJutta
3 months agoLeah
4 months agoHannah
4 months agoKendra
4 months agoJose
4 months agoGlory
4 months agoSherell
5 months agoWillow
5 months agoVeronique
5 months agoAlpha
4 months agoEladia
4 months agoBen
5 months agoZoila
4 months agoWynell
4 months agoShannan
4 months agoMari
4 months agoHeike
5 months ago