CS0-003 Security Operations • Set 6
CS0-003 Security Operations Practice Test 6 — 15 questions with explanations. Free, no signup.
A SOC analyst receives an alert from the SIEM indicating a high volume of outbound traffic from a single workstation to an IP address in a country where the organization does no business. The alert is based on a rule that triggers when outbound traffic exceeds 1 GB in 5 minutes. Upon investigation, the analyst finds that the workstation is used by a developer who downloaded a large dataset from a cloud storage service. Which action should the analyst take to improve the alert's accuracy without disabling it entirely?