A security analyst discovers unusual traffic patterns originating from an internal employee's workstation. What is the most appropriate initial step to take in managing this incident?
Report the incident to upper management before taking further actions.
Begin to analyze the traffic logs from the server.
Isolate the workstation from the network to prevent further compromise.
Notify the employee about the suspicious activity on their account.
The best approach when an unusual pattern is detected is to contain the incident as soon as possible. Disconnecting the workstation from the network helps prevent potential data exfiltration or further spread of any malicious activity. The other options might delay the necessary response to the incident.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is isolating the workstation the best initial step?
Open an interactive chat with Bash
What does it mean to analyze traffic logs?
Open an interactive chat with Bash
What are the potential consequences of not isolating the workstation?
Open an interactive chat with Bash
ISC2 CISSP
Security Operations
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access