Which of the following is the next BEST course of action the administrator should take?

A new network administrator is establishing network circuit monitoring guidelines to catch potentially malicious traffic.

The administrator begins monitoring the NetFlow statistics for the critical Internet circuit and notes the following data after two weeks.

However, after checking the statistics from the weekend following the compiled statistics, the administrator notices a spike in traffic to 250Mbps sustained for one hour. The administrator is able to track the source of the spike to a server in the DMZ.

Which of the following is the next BEST course of action the administrator should take?
A. Enable a packet capture on the firewall to catch the raw packets on the next occurrence
B. Consult the NetFlow logs on the NetFlow server to determine what data was being transferred
C. Immediately open a Severity 1 case with the security analysts to address potential data exfiltration
D. Rerun the baseline data gathering for an additional four weeks and compare the results

Answer: A

Latest SY0-501 Dumps Valid Version with 1130 Q&As