An Incident Responder observes an incident involving multiple malware downloads from a malicious domain. The domain in question belongs to one of the organization's suppliers, and the organization needs access to the site to continue placing orders. ATP: Network is configured in Inline Block mode. How should the Incident Responder proceed?
A) Whitelist the domain and close the incident as a false positive
B) Identify the pieces of malware and blacklist them, then notify the supplier
C) Blacklist the domain and IP of the attacking site
D) Notify the supplier and block the site on the external firewall
Correct Answer: