A security analyst, while doing a security scan using packet capture security tools, noticed large volumes of data images of company products being exfiltrated to foreign IP addresses. Which of the following is the FIRST step in responding to scan results?
A. Incident identification
B. Implement mitigation
C. Chain of custody
D. Capture system image
This is not correct.
B is correct because the incident is still in progress. You probably need to FIRST mitigate the incident to stop the images from being sent, then you can go on with incident identification of what is occurring.