A security analyst is investigating malicious traffic from an internal system that attempted to download proxy avoidance software as identified from the firewall logs, but the destination IP is blocked and not captured. Which of the following should the analyst do?

A. Shut down the computer.
B. Capture live data using Wireshark.
C. Take a snapshot.
D. Determine if DNS logging is enabled.
E. Review the network logs.

Answer: D. Determine if DNS logging is enabled.

Computer Science & Information Technology

You might also like to view...

A(n) ________ is a list of information set up in a column-and-row format

Fill in the blank(s) with correct word

View

Computer Science & Information Technology

You can set a style to update automatically in the ________

A) Modify Style dialog box B) Organizer C) Style Inspector pane D) Reveal Formatting pane

View

Computer Science & Information Technology