What is the next step in handling the incident?

350-201 0 Comments

A SIEM tool fires an alert about a VPN connection attempt from an unusual location. The incident response team validates that an attacker has installed a remote access tool on a user’s laptop while traveling. The attacker has the user’s credentials and is attempting to connect to the network.

What is the next step in handling the incident?
A . Block the source IP from the firewall
B . Perform an antivirus scan on the laptop
C . Identify systems or services at risk
D . Identify lateral movement

Answer: C

Latest 350-201 Dumps Valid Version with 139 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download 350-201 PDF     350-201 Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments