A company has noticed a sudden increase in network bandwidth consumption, unexpected outbound communication from multiple endpoints, and anomalies in server logs. Which of the following actions should the incident response team prioritize to identify and mitigate the threat?
Scanning endpoints for malware
Checking for unauthorized privileges on user accounts
Reviewing server logs for anomalies
Initiating a packet capture to analyze network traffic
The incident response team should first initiate a packet capture to analyze the network traffic in detail, as it will help identify malicious communication patterns, unexpected data transfers, and other indicators of compromise. While other tasks such as reviewing server logs and checking for unauthorized privileges are important, capturing packets provides a comprehensive view of the network activity that triggered the incident.