A security analyst discovers that an IoT device in a smart building is periodically sending small DNS queries to an external domain known for command-and-control activity. Which security control should be implemented to detect and block such traffic without disrupting legitimate operations?
- A. Install a host-based firewall on the IoT device to restrict outbound traffic.
  Why wrong: IoT devices may not support host-based firewalls.
- B. Deploy an intrusion detection system (IDS) on the network to alert on suspicious DNS queries.
  Why wrong: IDS only alerts, does not block.
- C. Configure egress filtering on the firewall to block outbound connections to known malicious domains.
  Why correct: Egress filtering prevents malicious outbound traffic.
- D. Disable DNS resolution on the IoT device to prevent any external communication.
  Why wrong: Disabling DNS breaks legitimate functionality.