An Incident Responder notices traffic going from an endpoint to an IRC channel. The endpoint is listed in an incident. ATP is configured in TAP mode. What should the Incident Responder do to stop the traffic to the IRC channel?
A) Isolate the endpoint with a Quarantine Firewall policy
B) Blacklist the IRC channel IP
C) Blacklist the endpoint IP
D) Isolate the endpoint with an application control policy
Correct Answer: