
CompTIA Exam 220-1102 Topic 5 Question 24 Discussion

Actual exam question for CompTIA's 220-1102 exam
Question #: 24
Topic #: 5
[All 220-1102 Questions]

A technician has identified malicious traffic originating from a user's computer. Which of the following is the best way to identify the source of the attack?

Suggested Answer: B

Isolating the machine from the network is the best way to identify the source of the attack, because it prevents the malicious traffic from spreading to other devices or reaching the attacker. Isolating the machine also helps preserve the evidence of the attack, such as the malware files, the network connections, the registry entries, and the system logs. Once the machine is isolated, a technician can safely analyze it and determine the source of the attack, such as a phishing email, a compromised website, removable media, or a network vulnerability.
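As an added example (not part of the exam page or the suggested answer), the following PowerShell script shows the order a responder would follow on a Windows host: capture the volatile evidence named above (connections with their owning process, running processes, Run keys, event logs) first, then isolate the host with the built-in firewall. It assumes an elevated local session and a hypothetical collection folder under C:\IR.

```powershell
# Added example: preserve volatile evidence, then isolate the host.
# Assumes an elevated (Administrator) local PowerShell session.
# $CaseDir is a hypothetical evidence folder chosen by the responder.
$CaseDir = "C:\IR\case-$(Get-Date -Format 'yyyyMMdd-HHmmss')"
New-Item -ItemType Directory -Path $CaseDir -Force | Out-Null

# 1. Volatile evidence first: established connections mapped to the
#    process that owns them. Isolating before this step loses the link
#    between the malicious traffic and the program that generated it.
Get-NetTCPConnection -State Established | ForEach-Object {
    $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
    [pscustomobject]@{
        LocalAddress  = $_.LocalAddress
        LocalPort     = $_.LocalPort
        RemoteAddress = $_.RemoteAddress
        RemotePort    = $_.RemotePort
        Pid           = $_.OwningProcess
        Process       = $proc.ProcessName
        Path          = $proc.Path
    }
} | Export-Csv -Path "$CaseDir\connections.csv" -NoTypeInformation

# 2. Process list with command lines, plus the common Run-key persistence
#    locations the explanation refers to as "registry entries".
Get-CimInstance Win32_Process |
    Select-Object ProcessId, ParentProcessId, Name, CommandLine, ExecutablePath |
    Export-Csv -Path "$CaseDir\processes.csv" -NoTypeInformation
Get-ItemProperty 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
                 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' `
                 -ErrorAction SilentlyContinue |
    Out-File -FilePath "$CaseDir\run-keys.txt"

# 3. Export the event logs intact for later review in Event Viewer.
#    Never clear them; the .evtx copies are the evidence.
foreach ($log in 'System', 'Security', 'Application') {
    wevtutil epl $log "$CaseDir\$log.evtx"
}

# 4. Isolate: explicit block rules override any existing allow rules, so
#    two catch-all rules cut the host off in both directions. Reverse with
#    Remove-NetFirewallRule -DisplayName 'IR-Isolate-*' when done.
#    Note: if you are connected remotely, this disconnects you too.
New-NetFirewallRule -DisplayName 'IR-Isolate-Out' -Direction Outbound `
    -Action Block -Profile Any | Out-Null
New-NetFirewallRule -DisplayName 'IR-Isolate-In' -Direction Inbound `
    -Action Block -Profile Any | Out-Null
Write-Host "Evidence saved to $CaseDir; host is now isolated."
```

Run the collection steps before the isolation step; once the block rules are in place, the connection table no longer shows the traffic the technician observed.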


Contribute your Thoughts:

Leanna
8 months ago
A physical inventory? Really? That seems like a waste of time. Unless the attacker left a note on the machine or something, I don't see how that would help.
upvoted 0 times
Almeta
8 months ago
Ooh, the Windows Event Viewer! That's a good idea. Maybe you could find some clues in there about what's going on.
upvoted 0 times
Lavelle
8 months ago
I don't know, isolating the machine seems like the most direct way to stop the attack, you know? But then you wouldn't be able to investigate further.
upvoted 0 times
Jina
8 months ago
Hmm, this is a tricky one. I feel like the firewall logs would be the best place to start, since that's where you'd likely see the malicious traffic originating from.
upvoted 0 times
Hoa
7 months ago
I think inspecting the Windows Event Viewer could provide valuable clues as well.
upvoted 0 times
Gail
7 months ago
Yeah, isolating the machine could help contain the spread of the attack.
upvoted 0 times
Christene
8 months ago
I agree, checking the firewall logs is essential in this situation.
upvoted 0 times
Asha
8 months ago
D) Take a physical inventory of the device.
upvoted 0 times
Denny
8 months ago
C) Inspect the Windows Event Viewer.
upvoted 0 times
Carmen
8 months ago
B) Isolate the machine from the network.
upvoted 0 times
Wayne
8 months ago
A) Investigate the firewall logs.
upvoted 0 times