CompTIA CySA+ CS0-003 Practice Question
A cybersecurity analyst observes a significant spike in network traffic volume during non-business hours. The traffic is directed at an internal server that usually has low bandwidth usage. What should be the analyst’s FIRST action in response to this observation?
Check for open ports on the firewall that shouldn't be open.
Immediately restrict outbound traffic from the affected server to prevent potential data loss.
Update the firmware on all network devices to ensure the latest security patches are applied.
Analyze the types of traffic to establish the nature of the packets causing the spike.