Multiple Choice
A team of security analysts has been alerted to potential malware activity. The initial examination indicates one of the affected workstations is beaconing on TCP port 80 to five IP addresses and attempting to spread across the network over port 445. Which of the following should be the team's NEXT step during the detection phase of this response process?
A) Escalate the incident to management, who will then engage the network infrastructure team to keep them informed.
B) Depending on system criticality, remove each affected device from the network by disabling wired and wireless connections.
C) Engage the engineering team to block SMB traffic internally and outbound HTTP traffic to the five IP addresses.
D) Identify potentially affected systems by creating a correlation search in the SIEM based on the network traffic.
Correct Answer:
Verified
Correct Answer:
Verified
Q136: A cybersecurity analyst is contributing to a
Q137: While planning segmentation for an ICS environment,
Q138: Given the Nmap request below: <img src="https://d2lvgg3v3hfg70.cloudfront.net/C1257/.jpg"
Q139: A security analyst gathered forensics from a
Q140: An audit has revealed an organization is
Q142: A Chief Security Officer (CSO) is working
Q143: A security analyst received an alert from
Q144: For machine learning to be applied effectively
Q145: Which of the following MOST accurately describes
Q146: A large amount of confidential data was