During an incident, a company’s CIRT determines it is necessary to observe the continued network-based transactions between a callback domain and the malware running on an enterprise PC.
Which of the following techniques would be BEST to enable this activity while reducing the risk of lateral spread and the risk that the adversary would notice any changes?
A . Physically move the PC to a separate Internet point of presence.
B . Create and apply microsegmentation rules.
C . Emulate the malware in a heavily monitored DMZ segment.
D . Apply network blacklisting rules for the adversary domain.