CS0-003 Incident Response and Management • Set 6
CS0-003 Incident Response and Management Practice Test 6: 15 questions with explanations.
During the detection and analysis phase of the NIST SP 800-61 incident response lifecycle, a security analyst identifies an alert indicating a high volume of outbound traffic from a critical server to an unknown IP address. Which of the following actions should the analyst perform FIRST?