Register
A cybersecurity analyst has determined that an attack has occurred against your company's network. Fortunately, your company uses a good logging system with a centralized Syslog server, so all the logs
173k views
0 votes
A cybersecurity analyst has determined that an attack has occurred against your company's network. Fortunately, your company uses a good logging system with a centralized Syslog server, so all the logs are available, collected, and stored properly. According to the cybersecurity analyst, the logs indicate that the database server was the only company server on the network that appears to have been attacked. The network is a critical production network for your organization. Therefore, you have been asked to choose the LEAST disruptive actions on the network while performing the appropriate incident response actions. Which actions do you recommend as part of the response efforts?

1) Capture network traffic using a sniffer, schedule a period of downtime to image and remediate the affected server, and maintain the chain of custody
2) Immediately remove the database server from the network, create an image of its hard disk, and maintain the chain of custody

User Mark Janssen
by
8.0k points

1 Answer

0 votes

Final answer:

To respond to a cybersecurity incident with minimal disruption, capture network traffic with a sniffer, schedule downtime to image the affected database server, and maintain the chain of custody. Avoid immediate removal of the server as it may lead to loss of critical real-time data.

Step-by-step explanation:

Given the scenario where a cybersecurity analyst has identified an attack on the company's network, specifically targeting the database server, it is crucial to respond with the least disruptive actions while ensuring proper incident response procedures are followed. The recommended action includes:

  1. Capture network traffic using a sniffer to gain insights into the nature and scope of the attack.
  2. Schedule a period of downtime at a time that will minimize disruption to business processes in order to create an exact image of the database server for forensic analysis and to implement remediation strategies.
  3. Throughout the process, maintain the chain of custody for all evidence collected to ensure any findings can be used in legal proceedings or further investigations.

User Bikeonastick
by
8.1k points
Ask a Question
Welcome to QAmmunity.org, where you can ask questions and receive answers from other members of our community.

9.4m questions

12.1m answers

Other Questions

“What does it mean when we “rework” copyrighted material?”
The book shows how to add and subtract binary and decimal numbers. However, other numbering systems are also very popular when dealing with computers. The octal (base 8) numbering system is one of these.
Please help me ! All you do is just put it it all in your own words ! Please this is for my reported card!i don't know how to put it in my own words because my English is not that good!
describe an advance in technology that makes life more enjoyable. what discoveries contribute to this technology?
Explain why binary codes are used to represent characters, numbers and symbols :)
Link Copied!