200-201 • Practice Test 5 — 10 Questions
Free 200-201 practice test 5 — 10 questions with explanations. No signup required.
A SOC analyst is tuning an IPS rule that detects SQL injection attempts. The rule currently generates a high number of alerts, most of which are false positives caused by legitimate web application traffic containing SQL-like keywords. The analyst wants to reduce false positives without missing actual attacks. Which approach is most effective?