200-201 • Practice Exam 3 — 20 Questions
A SOC analyst is tuning an IPS rule that detects SQL injection attempts. The rule currently generates a high number of alerts, most of which are false positives caused by legitimate web application traffic containing SQL-like keywords. The analyst wants to reduce false positives without missing actual attacks. Which approach is most effective?