Which of the following should be the team's NEXT step during the detection phase of this response process?

CS0-002 V1

Last Post by Isaiah 2 years ago

1 Posts

1 Users

0 Likes

171 Views

RSS

Isaiah

(@casausisaiah)

Noble Member

Joined: 2 years ago

Posts: 710

Topic starter 16/09/2022 12:17 pm

A team of security analysis has been alerted to potential malware activity. The initial examination indicates one of the affected workstations on beaconing on TCP port 80 to five IP addresses and attempting to spread across the network over port 445.

Which of the following should be the team's NEXT step during the detection phase of this response process?

A . Escalate the incident to management, who will then engage the network infrastructure team to keep them informed
B . Depending on system critically remove each affected device from the network by disabling wired and wireless connections
C . Engage the engineering team to block SMB traffic internally and outbound HTTP traffic to the five IP addresses Identify potentially affected systems by creating a correlation
D . Identify potentially affected system by creating a correlation search in the SIEM based on the network traffic.

Show Answer Hide Answer

Suggested Answer: D

Quote

Topic Tags

CompTIA CySA+

Latest CS0-002 V1 Dumps Valid Version

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download PDF

Forum Jump:

Previous Topic

Next Topic