fortinet-nse7_soc_ar-76_260430_095411(1)...

更新时间: 试题数量: 购买人数: 提供作者:

有效期: 个月

章节介绍: 共有个章节

收藏
搜索
题库预览
Refer to the exhibits. Investigation Actions: 1. Identify and Isolate Affected Systems: Begin by identifying the systems associated with the incident, specifically those linked to the IP addresses FortiGate-ISFW,FortiGate-NGFW, 10.200.200.254, and 100.64.2.21. Isolate these systems to prevent further data exfiltration. 2. Analyze Network Traffic: Examine network logs to trace the data flow and identify any unusual patterns or unauthorized data transfers. Focus on traffic related to the technique "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol" (T1048.003). 3. Review Security Alerts and Logs: Check security alerts and logs from the incident reporting device and other security tools to gather more context on the exfiltration attempt. 4. Conduct a Forensic Analysis: Perform a forensic analysis on the affected systems to uncover any malware or unauthorized access points that facilitated the exfiltration. 5. Assess Data Impact: Determine the type and volume of data exfiltrated to assess the potential impact on the organization. 6. Implement Mitigation Measures: Based on findings, apply necessary security patches, update firewall rules, and enhance monitoring to prevent future incidents. Remediation Actions: 1. Immediate Containment: Isolate the affected systems, including the devices with IPs FortiGate-ISFW,FortiGate-NGFW and 10.200.200.254, to prevent the data exfiltration. Disconnect these systems from the network to halt any ongoing unauthorized data transfers. 2. Incident Analysis: Conduct a thorough investigation to understand the scope and impact of the exfiltration. Analyze logs and network traffic to identify the data accessed and the method used for exfiltration. 3. Patch and Update: Ensure all systems, especially those involved in the incident, are updated with the latest security patches to close any vulnerabilities that may have been exploited. 4. Enhance Monitoring: Implement enhanced monitoring and alerting for unusual data transfer activities, particularly focusing on non-standard protocols that may be used for exfiltration. 5. User Training: Conduct cybersecurity awareness training for employees to recognize and report suspicious activities, emphasizing the importance of protection. 6. Review and Update Security Policies: Reassess and update security policies and procedures to address any gaps identified during the incident analysis. How is the investigation and remediation output generated on FortiSIEM? (Choose one answer)