
Which of the following is the FIRST step the analyst should take to evaluate this potential indicator of compromise?

(@colmenerocarmelo)
 

A security analyst is responding to an incident on a web server on the company network that is making a large number of outbound requests over DNS.

Which of the following is the FIRST step the analyst should take to evaluate this potential indicator of compromise?

    A. Run an anti-malware scan on the system to detect and eradicate the current threat.
    B. Start a network capture on the system to look into the DNS requests to validate command and control traffic.
    C. Shut down the system to prevent further degradation of the company network.
    D. Reimage the machine to remove the threat completely and get back to a normal running state.
    E. Isolate the system on the network to ensure it cannot access other systems while evaluation is underway.


Suggested Answer: B
 
Posted : 11/02/2023 11:40 pm