The SOC has noticed an unusual volume of traffic coming from an open WiFi guest network that appears correlated with a broader network slowdown.
The network team is unavailable to capture traffic but logs from network services are available
• No users have authenticated recently through the guest network’s captive portal
• DDoS mitigation systems are not alerting
• DNS resolver logs show some very long domain names
Which of the following is the BEST step for a security analyst to take next?
A . Block all outbound traffic from the guest network at the border firewall
B . Verify the passphrase on the guest network has not been changed.
C . Search antivirus logs for evidence of a compromised company device
D . Review access pent fogs to identify potential zombie services
Answer: A
Latest CAS-003 Dumps Valid Version with 509 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund