200-201 • Practice Test 1 — 10 Questions
Free 200-201 practice test 1 — 10 questions with explanations. No signup required.
A security analyst observes repeated failed login attempts to an internal web server from multiple external IP addresses. The analyst creates a correlation rule that triggers an alert if more than 10 failed logins occur from a single source IP within 5 minutes. After deploying the rule, the analyst finds that the rule generates false positives from legitimate users who mistype passwords. Which action should the analyst take to reduce false positives while maintaining detection effectiveness?