A team of security analysts has been alerted to potential malware activity. The initial examination indicates one of the affected workstations is beaconing on TCP port 80 to five IP addresses and attempting to spread across the network over port 445. Which of the following should be the team's NEXT step during the detection phase of this response process?
A) Escalate the incident to management, who will then engage the network infrastructure team to keep them informed.
B) Depending on system criticality, remove each affected device from the network by disabling wired and wireless connections.
C) Engage the engineering team to block SMB traffic internally and outbound HTTP traffic to the five IP addresses.
D) Identify potentially affected systems by creating a correlation search in the SIEM based on the network traffic.
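Whichever option is scored as correct, option D describes a concrete piece of detection engineering: a correlation search that turns the two observed indicators (TCP/80 connections to the five addresses, and one host attempting SMB to many internal peers on TCP/445) into a list of candidate hosts. The block below is an added example, not part of the original question page; it expresses that search as plain Python over constructed flow records so it runs offline. The addresses, the `timestamp src dst dport` record shape and the fan-out threshold are all assumptions for illustration.

```python
"""
Scoping a suspected malware outbreak from network flow records.

Added example (not from the original question page): the logic a SIEM
correlation search would express, written as plain Python and run over
constructed sample data. IP addresses, record format and thresholds are
assumptions for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# The five beacon destinations from the scenario. These addresses are
# constructed (TEST-NET-3 range), not real indicators.
BEACON_DESTS = {
    "203.0.113.10", "203.0.113.11", "203.0.113.12",
    "203.0.113.13", "203.0.113.14",
}

# Constructed flow records: "timestamp src dst dport", one per line.
SAMPLE_FLOWS = """\
2024-05-01T10:00:00Z 10.0.1.20 203.0.113.10 80
2024-05-01T10:00:05Z 10.0.1.20 203.0.113.11 80
2024-05-01T10:00:10Z 10.0.1.20 203.0.113.12 80
2024-05-01T10:00:12Z 10.0.1.20 10.0.1.21 445
2024-05-01T10:00:12Z 10.0.1.20 10.0.1.22 445
2024-05-01T10:00:13Z 10.0.1.20 10.0.1.23 445
2024-05-01T10:00:13Z 10.0.1.20 10.0.1.24 445
2024-05-01T10:00:14Z 10.0.1.20 10.0.1.25 445
2024-05-01T10:00:14Z 10.0.1.20 10.0.1.26 445
2024-05-01T10:01:00Z 10.0.1.33 203.0.113.11 80
2024-05-01T10:06:00Z 10.0.1.33 203.0.113.11 80
2024-05-01T10:02:00Z 10.0.1.45 10.0.1.60 445
2024-05-01T10:02:00Z 10.0.1.45 10.0.1.61 445
2024-05-01T10:02:01Z 10.0.1.45 10.0.1.62 445
2024-05-01T10:02:01Z 10.0.1.45 10.0.1.63 445
2024-05-01T10:02:02Z 10.0.1.45 10.0.1.64 445
2024-05-01T10:03:00Z 10.0.1.50 198.51.100.5 80
2024-05-01T10:03:30Z 10.0.1.50 10.0.0.5 445
2024-05-01T10:04:00Z 10.0.2.7 10.0.0.5 445
2024-05-01T10:04:00Z 10.0.2.7 10.0.0.6 445
"""


@dataclass
class HostActivity:
    """Per-source aggregate of the two indicators we correlate on."""
    beacon_dests: set = field(default_factory=set)
    beacon_count: int = 0
    smb_targets: set = field(default_factory=set)


def parse_flows(text):
    """Parse 'timestamp src dst dport' lines; skip blank or malformed rows."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue
        ts, src, dst, dport = parts
        flows.append((ts, src, dst, int(dport)))
    return flows


def correlate(flows, beacon_dests=BEACON_DESTS, smb_fanout_threshold=5):
    """
    Return {src_ip: [reasons]} for every source matching either indicator:
    - any TCP/80 connection to one of the known beacon destinations, or
    - TCP/445 attempts to at least `smb_fanout_threshold` distinct hosts,
      which is the spreading behaviour the scenario describes. Ordinary
      clients talk SMB to one or two file servers, so the threshold keeps
      them out of the result set.
    """
    per_host = defaultdict(HostActivity)
    for _ts, src, dst, dport in flows:
        act = per_host[src]
        if dport == 80 and dst in beacon_dests:
            act.beacon_dests.add(dst)
            act.beacon_count += 1
        elif dport == 445:
            act.smb_targets.add(dst)

    affected = {}
    for src, act in sorted(per_host.items()):
        reasons = []
        if act.beacon_dests:
            reasons.append(
                f"beaconed {act.beacon_count}x to "
                f"{len(act.beacon_dests)} known beacon destination(s)"
            )
        if len(act.smb_targets) >= smb_fanout_threshold:
            reasons.append(f"SMB fan-out to {len(act.smb_targets)} hosts")
        if reasons:
            affected[src] = reasons
    return affected


if __name__ == "__main__":
    for host, reasons in correlate(parse_flows(SAMPLE_FLOWS)).items():
        print(host, "->", "; ".join(reasons))
```

On the constructed data this flags the original workstation (beaconing plus SMB fan-out), a second host that has only started beaconing, and a third that shows the SMB spread without any beacon yet; the host doing normal web browsing and talking to a single file server is not returned. The two indicators are kept separate in the output on purpose: a host matching only one of them still belongs on the list of systems to check, which is what a scoping search is for.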
Correct Answer: