Which step should the Incident Response team incorporate into their plan of action?

ATP detects a threat phoning home to a command and control server and creates a new incident. The threat is NOT being detected by SEP, but the Incident Response team conducted an indicators of compromise (IOC) search for the machines that are contacting the malicious sites to gather more information.
Which step should the Incident Response team incorporate into their plan of action?
A. Perform a healthcheck of ATP
B. Create firewall rules in the Symantec Endpoint Protection Manager (SEPM) and the perimeter firewall
C. Use ATP to isolate non-SEP protected computers to a remediation VLAN
D. Rejoin the endpoints back to the network after completing a final virus scan
