200-201 • Timed Practice Test 1
This is a timed practice session. You have 10 minutes to answer 10 questions — approximately 1 minute per question, matching real 200-201 exam pace. Answer every question before time expires.
Time remaining
10:00
Exam-pace drill
Allow 1 minute per question. On the real 200-201 exam you have approximately 72 seconds per question — this session trains you to maintain that pace under pressure.
A security analyst observes repeated failed login attempts to an internal web server from multiple external IP addresses. The analyst creates a correlation rule that triggers an alert if more than 10 failed logins occur from a single source IP within 5 minutes. After deploying the rule, the analyst finds that the rule generates false positives from legitimate users who mistype passwords. Which action should the analyst take to reduce false positives while maintaining detection effectiveness?