A security analyst is investigate an no client related to an alert from the threat detection platform on a host (10.0 1.25) in a staging environment that could be running a cryptomining tool because it in sending traffic to an IP address that are related to Bitcoin.
The network rules for the instance are the following:
Which of the following is the BEST way to isolate and triage the host?
A . Remove rules 1.2. and 3.
B . Remove rules 1.2. 4. and 5.
C . Remove rules 1.2. 3.4. and 5.
D . Remove rules 1.2. and 5.
E . Remove rules 1.4. and 5.
F . Remove rules 4 and 5
Answer: C
Explanation:
The best way to isolate and triage the host is to remove rules 1, 2, 3, 4, and 5. These rules allow inbound and outbound traffic on ports 22 (SSH), 80 (HTTP), and 443 (HTTPS) from any source or destination. By removing these rules, the security analyst can block any network communication to or from the host, preventing any further data exfiltration or malware infection. This will also allow the security analyst to perform a forensic analysis on the host without any interference from external sources.
Latest CS0-002 Dumps Valid Version with 220 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund