Which of the following is an example of a remediation step?


Multiple Choice

Which of the following is an example of a remediation step?

Explanation:
Remediation steps are actions that directly reduce the attacker's foothold and prevent recurrence. Blackholing malicious domain names is a remediation because it makes the attacker's infrastructure unreachable by preventing DNS resolution for those domains. Implementing DNS sinkholing or domain-based filtering disrupts malware's ability to contact command-and-control servers or receive instructions, cutting off the external channel the threat relies on. It can be applied quickly across the environment and targets the root cause of the ongoing compromise: the reachability of malicious hosts.

Blocking IP addresses is a mitigation that can be effective, but it may be evaded as attackers switch IPs or move to domain-based infrastructure. Rebuilding compromised systems is a comprehensive recovery and eradication effort; while essential, it is more resource-intensive and follows containment and eradication. Coordinating with cloud and service providers is important for the broader response but is not a concrete remediation action by itself.
