A security analyst reviews the daily logs and notices the following suspicious activity:
The analyst investigates the firewall logs and identifies the following:
Which of the following steps should the security analyst take next to resolve this issue? (Select two).
A. Submit an IT support ticket and request Kali Linux be uninstalled from John Smith’s computer.
B. Block all inbound connections on port 4444 and block the IP address 201.101.25.121.
C. Contact John Smith and request the Ethernet cable attached to the desktop be unplugged.
D. Check the running processes to confirm if a backdoor connection has been established.
E. Upgrade the Windows x64 operating system on John Smith’s computer to the latest version.
F. Block all outbound connections from the IP address 10.150.71.151.
Answer: B, D
Explanation:
Given the suspicious activity and Kali Linux’s association with penetration testing and hacking tools, the security analyst should block all inbound connections on port 4444, as it is commonly used for malicious purposes, and block the IP address that’s potentially the source of the intrusion. Additionally, checking the running processes on John Smith’s computer is crucial to determine if a backdoor or unauthorized connection has been established.
Reference: Incident response and threat mitigation steps such as these are part of the security protocols discussed in the CompTIA Cloud+ certification.