A computer emergency response team is called at midnight to investigate a case in which a mail server was restarted. After an initial investigation, it was discovered that email is being exfiltrated through an active connection. Which of the following is the NEXT step the team should take?
A) Identify the source of the active connection
B) Perform eradication of active connection and recover
C) Performance containment procedure by disconnecting the server
D) Format the server and restore its initial configuration
Correct Answer:
Verified
Q280: When it comes to cloud computing, if
Q281: A remote intruder wants to take inventory
Q282: Which of the following uses precomputed hashes
Q283: A security analyst is reviewing an assessment
Q284: A forensic expert is given a hard
Q286: An incident response manager has started to
Q287: An active/passive configuration has an impact on:
A)
Q288: An application was recently compromised after some
Q289: A recent internal audit is forcing a
Q290: A security analyst is investigating a potential
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents