What is the next step the analyst should take?

A security analyst receives an escalation regarding an unidentified connection on the Accounting A1 server within a monitored zone. The analyst pulls the logs and discovers that a PowerShell process and a WMI tool process were started on the server after the connection was established and that a PE format file was created in the system directory.

What is the next step the analyst should take?
A. Isolate the server and perform forensic analysis of the file to determine the type and vector of a possible attack
B. Identify the server owner through the CMDB and contact the owner to determine if these were planned and identifiable activities
C. Review the server backup and identify server content and data criticality to assess the intrusion risk
D. Perform behavioral analysis of the processes on an isolated workstation and perform cleaning procedures if the file is malicious

Answer: C

Latest 350-201 Dumps Valid Version with 139 Q&As
