A security analyst notices unusual outbound traffic from a server in the DMZ to an external IP address on port 4444. The server runs a web application. Which action should the analyst take first?
Select one:
The trap here is that candidates often choose to immediately block or disconnect, confusing containm...