A security analyst detects unusual outbound traffic from a server that normally communicates only with internal systems. The firewall logs show connections to an external IP address on port 443/tcp. Which incident response step should the analyst perform FIRST?
Select one:
ISC2 often tests the misconception that immediate shutdown or antivirus scanning is the correct firs...