Which two actions can help identify an attacking host during a security incident? (Choose two.)
- Use an Internet search engine to gain additional information about the attack.
- Log the time and date that the evidence was collected and the incident remediated.
- Determine the location of the recovery and storage of all evidence.
- Validate the IP address of the threat actor to determine if it is viable.
- Develop identifying criteria for all evidence such as serial number, hostname, and IP address.
Explanation: The following actions can help identify an attacking host during a security incident:
- Use incident databases to research related activity.
- Validate the IP address of the threat actor to determine if it is a viable one.
- Use an Internet search engine to gain additional information about the attack.
- Monitor the communication channels that some threat actors use, such as IRC.
Exam with this question: CCNA SECOPS 210-255 Dumps – Certification Practice Exam Answers
Exam with this question: CyberOps Associate (Version 1.0) - Module 28: Digital Forensics and Incident Analysis and Response Answers
Exam with this question: Cyber Threat Management - 6.6.2 Digital Forensics and Incident Analysis and Response Quiz