Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CompTIA Exam 220-1102 Topic 5 Question 24 Discussion

Actual exam question for CompTIA's 220-1102 exam
Question #: 24
Topic #: 5
[All 220-1102 Questions]

A technician has identified malicious traffic originating from a user's computer. Which of the following is the best way to identify the source of the attack?

Show Suggested Answer Hide Answer
Suggested Answer: B

Isolating the machine from the network is the best way to identify the source of the attack, because it prevents the malicious traffic from spreading to other devices or reaching the attacker. Isolating the machine can also help preserve the evidence of the attack, such as the malware files, the network connections, the registry entries, or the system logs. By isolating the machine, a technician can safely analyze the machine and determine the source of the attack, such as a phishing email, a compromised website, a removable media, or a network vulnerability.


by Paz at Jan 22, 2024, 02:10 PM

Limited Time Offer

25%

Off

Get Premium 220-1102 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Leanna
1 years ago
A physical inventory? Really? That seems like a waste of time. Unless the attacker left a note on the machine or something, I don't see how that would help.
upvoted 0 times
...
Almeta
1 years ago
Ooh, the Windows Event Viewer! That's a good idea. Maybe you could find some clues in there about what's going on.
upvoted 0 times
...
Lavelle
1 years ago
I don't know, isolating the machine seems like the most direct way to stop the attack, you know? But then you wouldn't be able to investigate further.
upvoted 0 times
...
Jina
1 years ago
Hmm, this is a tricky one. I feel like the firewall logs would be the best place to start, since that's where you'd likely see the malicious traffic originating from.
upvoted 0 times
Hoa
11 months ago
I think inspecting the Windows Event Viewer could provide valuable clues as well.
upvoted 0 times
...
Gail
12 months ago
Yeah, isolating the machine could help contain the spread of the attack.
upvoted 0 times
...
Christene
12 months ago
I agree, checking the firewall logs is essential in this situation.
upvoted 0 times
...
Asha
12 months ago
D) Take a physical inventory of the device.
upvoted 0 times
...
Denny
12 months ago
C) Inspect the Windows Event Viewer.
upvoted 0 times
...
Carmen
12 months ago
B) Isolate the machine from the network.
upvoted 0 times
...
Wayne
12 months ago
A) Investigate the firewall logs.
upvoted 0 times
...
...

Save Cancel