A cybersecurity analyst observes a significant spike in network traffic volume during non-business hours. The traffic is directed at an internal server that usually has low bandwidth usage. What should be the analyst’s FIRST action in response to this observation?
Immediately restrict outbound traffic from the affected server to prevent potential data loss.
Check for open ports on the firewall that shouldn't be open.
Update the firmware on all network devices to ensure the latest security patches are applied.
Analyze the types of traffic to establish the nature of the packets causing the spike.
|Incident Response and Management
|Reporting and Communication