During an incident, a company's CIRT determines it is necessary to observe the continued network-based transactions between a callback domain and the malware running on an enterprise PC. Which of the following techniques would be BEST to enable this activity while reducing the risk of lateral spread and the risk that the adversary would notice any changes?
A) Physically move the PC to a separate Internet point of presence.
B) Create and apply microsegmentation rules.
C) Emulate the malware in a heavily monitored DMZ segment.
D) Apply network blacklisting rules for the adversary domain.
Correct Answer: