You are working as a cybersecurity analyst for a third-party contractor. You have been brought in by an organization that believes it was hacked by a malicious actor. Its internal security team has hired you to determine the impact of the unauthorized access. At the time of the intrusion, there were 5 servers online: DEV_APP_001, PRD_APP_002, PRD_DB_008, STG_DB_004 and FINANCE_009. What step should you take to begin the analysis?
Create a snapshot backup and then reformat each server
Begin analyzing each server after prioritizing them based on the data stored on each server
Create a new server running Kali Linux and make necessary firewall changes to allow it to access all the listed servers
Begin hardening all servers immediately before the impact analysis starts
You are hired to analyze the systems to determine the impact of a malicious actor. Hardening and wiping the servers are outside the scope of this analysis, but may be a recommended next step based on your findings. The logical step is to determine which servers are the most critical based on the data hosted on them, and begin analyzing them one by one, starting with the most important/critical data.