During the monitoring phase, an anomaly is detected in the network traffic pattern indicating potential exfiltration of sensitive data. The security analyst observes a consistent high volume of outbound traffic heading to an unusual external IP address. What should the analyst do FIRST in accordance with incident declaration and escalation practices?
Follow the organizational incident response plan to determine if the observed activity meets the criteria for incident declaration and escalate as required.
Draft an executive summary of the event to be distributed to all employees to ensure company-wide awareness.
Contact law enforcement for immediate investigation before taking any internal response measures.
Immediately disconnect the network to prevent further potential data loss without validating the incident.
Upon detection of anomalies that suggest a security incident, the analyst should first follow the organizational incident response plan to determine whether the observed activity meets the criteria for declaring an incident. Once it is confirmed to meet that threshold, the incident should be escalated according to the plan, ensuring that the relevant stakeholders are alerted and the appropriate response activities commence.