You are working as a cybersecurity analyst for a third-party contractor. You have been brought in by an organization that believes it was hacked by a malicious actor. Their internal security team has hired you to determine the impact of the unauthorized access. At the time of the intrusion, there were five servers online: DEV_APP_001, PRD_APP_002, PRD_DB_008, STG_DB_004, and FINANCE_009. What step should you take first to begin the analysis?
Create a new server running Kali Linux and make necessary firewall changes to allow it to access all the listed servers.
Begin hardening all servers immediately before the impact analysis starts.
Begin analyzing each server after prioritizing them based on the data stored on each server.
Create a snapshot backup and then reformat each server.
You have been hired to perform an analysis on the systems to determine the impact of a malicious actor. Hardening or wiping the servers is outside the scope of this initial analysis and could destroy crucial evidence; these actions may be recommended as later steps based on your findings. The correct first step in the analysis phase is to prioritize the servers based on the criticality of the data they host (e.g., financial or production data vs. development data) and then begin analyzing them in that order.