CompTIA Security+ SY0-601 – Question109

While reviewing an alert that shows a malicious request on one web application, a cybersecurity analyst is
alerted to a subsequent token reuse moments later on a different service using the same single sign-on
method. Which of the following would BEST detect a malicious actor?


A.
Utilizing SIEM correlation engines
B. Deploying Netflow at the network border
C. Disabling session tokens for all sites
D. Deploying a WAF for the web server

Correct Answer: A