Multiple Choice
During an incident, a company's CIRT determines it is necessary to observe the continued network-based transactions between a callback domain and the malware running on an enterprise PC. Which of the following techniques would be BEST to enable this activity while reducing the risk of lateral spread and the risk that the adversary would notice any changes?
A) Physically move the PC to a separate Internet point of presence.
B) Create and apply microsegmentation rules.
C) Emulate the malware in a heavily monitored DMZ segment.
D) Apply network blacklisting rules for the adversary domain.
Correct Answer:

Verified