Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CompTIA Exam 220-1102 Topic 5 Question 24 Discussion

Actual exam question for CompTIA's 220-1102 exam
Question #: 24
Topic #: 5
[All 220-1102 Questions]

A technician has identified malicious traffic originating from a user's computer. Which of the following is the best way to identify the source of the attack?

Show Suggested Answer Hide Answer
Suggested Answer: B

Isolating the machine from the network is the best way to identify the source of the attack, because it prevents the malicious traffic from spreading to other devices or reaching the attacker. Isolating the machine can also help preserve the evidence of the attack, such as the malware files, the network connections, the registry entries, or the system logs. By isolating the machine, a technician can safely analyze the machine and determine the source of the attack, such as a phishing email, a compromised website, a removable media, or a network vulnerability.


by Paz at Jan 22, 2024, 02:10 PM

Limited Time Offer

25%

Off

Get Premium 220-1102 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Leanna
7 months ago
A physical inventory? Really? That seems like a waste of time. Unless the attacker left a note on the machine or something, I don't see how that would help.
upvoted 0 times
...
Almeta
7 months ago
Ooh, the Windows Event Viewer! That's a good idea. Maybe you could find some clues in there about what's going on.
upvoted 0 times
...
Lavelle
7 months ago
I don't know, isolating the machine seems like the most direct way to stop the attack, you know? But then you wouldn't be able to investigate further.
upvoted 0 times
...
Jina
7 months ago
Hmm, this is a tricky one. I feel like the firewall logs would be the best place to start, since that's where you'd likely see the malicious traffic originating from.
upvoted 0 times
Hoa
6 months ago
I think inspecting the Windows Event Viewer could provide valuable clues as well.
upvoted 0 times
...
Gail
6 months ago
Yeah, isolating the machine could help contain the spread of the attack.
upvoted 0 times
...
Christene
6 months ago
I agree, checking the firewall logs is essential in this situation.
upvoted 0 times
...
Asha
6 months ago
D) Take a physical inventory of the device.
upvoted 0 times
...
Denny
6 months ago
C) Inspect the Windows Event Viewer.
upvoted 0 times
...
Carmen
6 months ago
B) Isolate the machine from the network.
upvoted 0 times
...
Wayne
6 months ago
A) Investigate the firewall logs.
upvoted 0 times
...
...

Save Cancel