210-255 · Question #88
What is the process of remediation the system from attack so that responsible threat actor can be revealed?
The correct answer is A. Validating the Attacking Host's IP Address. Validating the attacking host's IP address is the foundational remediation step used to confirm the attack source, enabling attribution of the responsible threat actor.
Question
What is the process of remediation the system from attack so that responsible threat actor can be revealed?
Options
- AValidating the Attacking Host's IP Address
- BResearching the Attacking Host through Search Engines.
- CUsing Incident Databases.
- DMonitoring Possible Attacker Communication Channels.
How the community answered
(34 responses)- A85% (29)
- B3% (1)
- C3% (1)
- D9% (3)
Why each option
Validating the attacking host's IP address is the foundational remediation step used to confirm the attack source, enabling attribution of the responsible threat actor.
Validating the attacking host's IP address involves confirming and verifying the source IP through logs, network captures, and reverse lookups to establish an accurate, authoritative record of the attacker's origin. This is a prerequisite step during post-incident remediation because a verified IP address is required before any further investigative, legal, or counter-action can be reliably pursued against the responsible threat actor.
Researching the attacking host through search engines is an OSINT technique performed after the attacking IP is already validated, making it a secondary investigative step rather than the initial remediation action.
Using incident databases helps correlate known indicators of compromise against a previously identified host but depends on a validated identifier rather than being the starting point of remediation.
Monitoring possible attacker communication channels is a threat intelligence and surveillance activity that follows initial host identification and does not constitute the first step to reveal the responsible threat actor.
Concept tested: Incident response attribution via attacking host IP validation
Source: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
Topics
Community Discussion
No community discussion yet for this question.