Which two actions can help identify an attacking host during a security incident? (Choose two.)


  • Use an Internet search engine to gain additional information about the attack.
  • Log the time and date that the evidence was collected and the incident remediated.
  • Determine the location of the recovery and storage of all evidence.
  • Validate the IP address of the threat actor to determine if it is viable.
  • Develop identifying criteria for all evidence such as serial number, hostname, and IP address.

Explanation: The following actions can help identify an attacking host during a security incident:

  • Use incident databases to research related activity.
  • Validate the IP address of the threat actor to determine if it is a viable one.
  • Use an Internet search engine to gain additional information about the attack.
  • Monitor the communication channels that some threat actors use, such as IRC.

Exam with this question: CCNA SECOPS 210-255 Dumps – Certification Practice Exam Answers
Exam with this question: CyberOps Associate (Version 1.0) - Module 28: Digital Forensics and Incident Analysis and Response Answers
Exam with this question: Cyber Threat Management - 6.6.2 Digital Forensics and Incident Analysis and Response Quiz
