CS0-003 • Practice Exam 3 — 20 Questions
Free CS0-003 practice exam 3 — 20 questions with explanations. No signup required.
A SOC analyst reviews DNS telemetry and sees a workstation resolving hundreds of algorithmically generated domains at fixed intervals, with most responses returning NXDOMAIN. What evidence should the analyst prioritize to validate command-and-control beaconing? In the detection engineering phase, which detection or tuning approach would reduce noise without losing the signal?