A cybersecurity analyst observes a significant spike in network traffic volume during non-business hours. The traffic is directed at an internal server that usually has low bandwidth usage. What should be the analyst’s FIRST action in response to this observation?
You selected this option
Check for open ports on the firewall that shouldn't be open.
You selected this option
Update the firmware on all network devices to ensure the latest security patches are applied.
You selected this option
Immediately restrict outbound traffic from the affected server to prevent potential data loss.
You selected this option
Analyze the types of traffic to establish the nature of the packets causing the spike.
When an analyst detects an unexpected change in network traffic, such as a significant increase in volume during odd hours, it is crucial to analyze the type of traffic to determine if the activity is benign or malicious. This initial step will guide subsequent investigative actions, such as activating intrusion detection systems or informing the incident response team. Checking for open ports that shouldn't be open would not immediately explain the traffic spike. Similarly, updating network device firmware is a maintenance task that is unlikely to directly address an ongoing traffic anomaly. Restricting outbound traffic would be a mitigation step once malicious activity is confirmed; this would potentially prevent data exfiltration but does not constitute an initial analysis of the situation.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What exactly does analyzing the types of traffic involve?
Open an interactive chat with Bash
Why is it important to act quickly upon noticing a traffic spike?
Open an interactive chat with Bash
What tools can assist in analyzing network traffic, and how do they work?