SSCP

Study mode — explanations shown

1

Incident Response and Recovery

medium

A security analyst detects unusual outbound traffic from a server that normally communicates only with internal systems. The firewall logs show connections to an external IP address on port 443/tcp. Which incident response step should the analyst perform FIRST?

0 of 10 answered