A security analyst is responding to an incident on a web server on the company network that is making a large number of outbound requests over DNS. Which of the following is the FIRST step the analyst should take to evaluate this potential indicator of compromise?
A) Run an anti-malware scan on the system to detect and eradicate the current threat
B) Start a network capture on the system to look into the DNS requests to validate command and control traffic
C) Shut down the system to prevent further degradation of the company network
D) Reimage the machine to remove the threat completely and get back to a normal running state
E) Isolate the system on the network to ensure it cannot access other systems while evaluation is underway
Correct Answer:
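Evaluating whether the server's DNS traffic is command-and-control or data exfiltration (the validation step option B refers to) normally means pulling the resolver's query log or a packet capture and looking for tunnelling signatures: many unique, long, high-entropy subdomains under a single base domain, frequently as TXT queries, from one client. The following Python is an added example written for this page, not part of the original question or any exam material. The log line format, the detection thresholds, and the naive "last two labels" base-domain rule are assumptions; the sample log is constructed.

```python
import math
from collections import Counter, defaultdict

# Constructed sample resolver log (not from the original page).
# Assumed line format: "<timestamp> <client_ip> <qname> <qtype>".
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.0.5.23 www.example.com A
2024-05-01T10:00:02Z 10.0.5.23 cdn.example.com A
2024-05-01T10:00:02Z 10.0.5.23 mail.example.com MX
2024-05-01T10:00:03Z 10.0.5.23 a9f3e1c07b2d4e6f81a2c3d4e5f60718.upd.badactor.example TXT
2024-05-01T10:00:03Z 10.0.5.23 c4d8e2f6a0b3c7d1e5f9a2b6c0d4e8f3.upd.badactor.example TXT
2024-05-01T10:00:04Z 10.0.5.23 0f1e2d3c4b5a69788796a5b4c3d2e1f0.upd.badactor.example TXT
2024-05-01T10:00:04Z 10.0.5.23 7a8b9c0d1e2f3a4b5c6d7e8f90a1b2c3.upd.badactor.example TXT
2024-05-01T10:00:05Z 10.0.5.23 e1f2a3b4c5d6e7f8091a2b3c4d5e6f70.upd.badactor.example TXT
2024-05-01T10:00:05Z 10.0.5.23 5b6c7d8e9f0a1b2c3d4e5f6a7b8c9d0e.upd.badactor.example TXT
2024-05-01T10:00:06Z 10.0.5.40 www.example.com A
2024-05-01T10:00:07Z 10.0.5.40 www.example.com A
"""

# Assumed thresholds; tune against a baseline of your own resolver traffic.
THRESHOLDS = {
    "min_unique_subdomains": 5,  # distinct prefixes under one base domain
    "min_label_len": 20,         # mean length of the leftmost (data-bearing) label
    "min_entropy": 3.5,          # Shannon entropy (bits/char) of the concatenated labels
    "txt_ratio": 0.5,            # fraction of queries that are TXT
}


def parse_log(text):
    """Parse the assumed log format into (timestamp, client, qname, qtype) tuples."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed or truncated lines rather than crash
        ts, client, qname, qtype = parts
        records.append((ts, client, qname.lower().rstrip("."), qtype.upper()))
    return records


def base_domain(qname):
    """Naive registrable-domain guess: last two labels (assumption; use the
    Public Suffix List in production, where 'example.co.uk' would break this)."""
    labels = qname.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else qname


def shannon_entropy(s):
    """Bits per character; encoded or encrypted payloads sit near log2(alphabet)."""
    if not s:
        return 0.0
    counts = Counter(s)
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def query_volume(records):
    """Queries per client: the 'large number of outbound requests' in the question."""
    volume = Counter()
    for _, client, _, _ in records:
        volume[client] += 1
    return dict(volume)


def analyze(records, thresholds=THRESHOLDS):
    """Group queries by (client, base domain) and flag tunnelling indicators."""
    groups = defaultdict(lambda: {"queries": 0, "txt": 0, "subdomains": set(), "labels": []})
    for _, client, qname, qtype in records:
        base = base_domain(qname)
        g = groups[(client, base)]
        g["queries"] += 1
        if qtype == "TXT":
            g["txt"] += 1
        prefix = qname[: -(len(base) + 1)] if qname != base else ""
        if prefix:
            g["subdomains"].add(prefix)
            g["labels"].append(prefix.split(".")[0])  # leftmost label carries data in tunnels
    findings = {}
    for key, g in groups.items():
        flags = []
        if len(g["subdomains"]) >= thresholds["min_unique_subdomains"]:
            flags.append("many_unique_subdomains")
        if g["labels"]:
            mean_len = sum(len(l) for l in g["labels"]) / len(g["labels"])
            if mean_len >= thresholds["min_label_len"]:
                flags.append("long_labels")
            if shannon_entropy("".join(g["labels"])) >= thresholds["min_entropy"]:
                flags.append("high_entropy_labels")
        if g["queries"] and g["txt"] / g["queries"] >= thresholds["txt_ratio"]:
            flags.append("txt_heavy")
        if flags:
            findings[key] = {"queries": g["queries"], "flags": flags}
    return findings


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("queries per client:", query_volume(recs))
    for (client, base), f in analyze(recs).items():
        print(f"{client} -> {base}: {f['queries']} queries, flags={f['flags']}")
```

Run against the constructed sample, the six TXT queries from 10.0.5.23 to badactor.example trip all four flags, while the ordinary lookups of example.com from both hosts trip none. The same logic works on a live capture once you have converted it to the assumed line format (for example by exporting the DNS layer from a pcap); the flags are indicators for the analyst to confirm, not a verdict on their own.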