Question

Veronica has just received an alert from a monitoring system that it has detected beaconing on the network. Which of the following should she do next?

a. Determine which computer(s) may have malware infections.
b. Implement an application whitelist for network clients.
c. Determine which users are attempting to exfiltrate data outside of the network.
d. Block the ports on the firewall that are commonly used for beaconing.

Answer 1

Veronica's first action should be to determine which computers may have malware infections since beaconing indicates communication with external command-and-control servers and is a typical sign of a malware compromise.

Step-by-step explanation:

When Veronica receives an alert for detected beaconing on the network, the first step she should take is to determine which computer(s) may have malware infections. Beaconing can be a sign that malware is communicating with an external command-and-control server, which is a common behavior in botnets or other malicious software compromises.

While implementing an application whitelist for network clients, determining which users are attempting to exfiltrate data, and blocking ports on the firewall can be subsequent actions, initially identifying and isolating the infected devices will prevent further spread and allow for a precise response to the incident.