During an incident, a company’s CIRT determines it is necessary to observe the continued network-based transactions between a callback domain and the malware running on an enterprise PC.

Which of the following techniques would be BEST to enable this activity while reducing the risk of lateral spread and the risk that the adversary would notice any changes?
A. Physically move the PC to a separate Internet point of presence.
B. Create and apply microsegmentation rules.
C. Emulate the malware in a heavily monitored DMZ segment.
D. Apply network blacklisting rules for the adversary domain.

Answer: B
