Cisco

300-215 · Question #57


Submitted by lars.no · Mar 6, 2026 · Incident Response Processes

Question

During a routine security audit, an organization's security team detects an unusual spike in network traffic originating from one of their internal servers. Upon further investigation, the team discovers that the server was communicating with an external IP address known for hosting malicious content. The security team suspects that the server may have been compromised. As the incident response process begins, which two actions should be taken during the initial assessment phase of this incident? (Choose two.)

Options

  • A. Notify law enforcement agencies about the incident.
  • B. Disconnect the compromised server from the network.
  • C. Conduct a comprehensive forensic analysis of the server hard drive.
  • D. Interview employees who have access to the server.
  • E. Review the organization's network logs for any signs of intrusion.


Topics

#incident response #initial assessment #network forensics #containment