After receiving alerts about unusual outbound traffic at an odd hour, what should a security analyst do next during the detection and analysis phase?

Difficulty: medium · Analysis question 4 of 15
Cybersecurity - Incident Response
A. Investigate the source and destination of the traffic
B. Immediately block all outbound traffic
C. Ignore the alerts if no users report issues
D. Restart the affected servers
Step-by-Step Solution
Solution:
  1. Analyze the alerts

     The alerts indicate unusual outbound traffic; understanding their context is key.
  2. Investigate the details

     Identifying the source and destination helps determine whether the traffic is malicious.
  3. Final Answer:

     Investigate the source and destination of the traffic -> Option A
  4. Quick Check:

     Analysis requires understanding the alert context. [OK]
Quick Trick: Always analyze the alert details before taking action. [OK]
Common Mistakes:
  • Blocking traffic without investigation
  • Ignoring alerts due to lack of user complaints
  • Taking disruptive actions prematurely
