CS0-003 Incident Response and Management • Set 4
CS0-003 Incident Response and Management Practice Test 4 — 15 questions with explanations. Free, no signup.
During the detection and analysis phase of incident response, a security analyst identifies suspicious outbound traffic from a finance workstation to a known malicious IP address at 2:00 AM. The analyst checks the firewall logs and sees a single connection. Which action should the analyst take FIRST according to NIST SP 800-61?