Multiple Choice
An Incident Responder observes an incident with multiple malware downloads from a malicious domain. The domain in question belongs to one of the organization's suppliers. The organization needs access to the site to continue placing orders. ATP: Network is configured in Inline Block mode. How should the Incident Responder proceed?
A) Whitelist the domain and close the incident as a false positive
B) Identify the pieces of malware and blacklist them, then notify the supplier
C) Blacklist the domain and IP of the attacking site
D) Notify the supplier and block the site on the external firewall
Correct Answer:

Verified