An incident response team has deployed Rita to analyze suspicious network patterns. They observe multiple outbound connections at short intervals from various hosts and want to highlight unexpected communication. Which action helps improve detection accuracy?
Eliminate logs from critical hosts to reduced scanning overhead
Mark all inbound traffic on uncommon ports as harmful
Block inbound and outbound email flows from recognized addresses
Exclude routine traffic from recognized services to focus on irregular communication intervals
Removing routine, expected traffic patterns allows the detection tool to focus on irregular communication intervals that may indicate command-and-control (C2) behavior. Filtering known benign behavior improves detection fidelity. In contrast, removing large volumes of logs or relying solely on port-based rules can mask real threats or generate unnecessary noise.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Command-and-Control (C2) behavior in network security?
Open an interactive chat with Bash
How does excluding routine traffic improve detection accuracy?
Open an interactive chat with Bash
Why are port-based rules alone not sufficient for threat detection?