ATP detects a threat phoning home to a command and control server and creates a new incident. The threat is NOT being detected by SEP, but the Incident Response team conducted an indicators of compromise (IOC) search for the machines that are contacting the malicious sites to gather more information. Which step should the Incident Response team incorporate into their plan of action?
A) Perform a healthcheck of ATP
B) Create firewall rules in the Symantec Endpoint Protection Manager (SEPM) and the perimeter firewall
C) Use ATP to isolate non-SEP protected computers to a remediation VLAN
D) Rejoin the endpoints back to the network after completing a final virus scan

Question

Quizplus · Accepted Answer

The Answer of ATP detects a threat phoning home to a command and control server and creates a new incident. The threat is NOT being detected by SEP, but the Incident Response team conducted an indicators of compromise (IOC) search for the machines that are contacting the malicious sites to gather more information. Which step should the Incident Response team incorporate into their plan of action?
A) Perform a healthcheck of ATP
B) Create firewall rules in the Symantec Endpoint Protection Manager (SEPM) and the perimeter firewall
C) Use ATP to isolate non-SEP protected computers to a remediation VLAN
D) Rejoin the endpoints back to the network after completing a final virus scan

ATP Detects a Threat Phoning Home to a Command and Control