C or D 

A security analyst observes the following while looking through network traffic in a company's cloud log:

Which of the following steps should the security analyst take FIRST?

Options:

A Quarantine 10.0.5.52 and run a malware scan against the host.
B Access 10.0.5.52 via EDR and identify processes that have network connections.
C Isolate 10.0.50.6 via security groups.
D Investigate web logs on 10.0.50.6 to determine if this is normal traffic.

A Or D ??? 

A security analyst is trying to identify the source of a recent data loss incident. The analyst has reviewed all the logs the time surrounding the incident and identified all the assets on the network at the time of the data loss. The analyst suspect the key to finding the source was obfuscated in an application. Which of the following should the analyst use NEXT?

1. Software decomplier
2. Network enumerator
3. Log reduction and analysis tool
4. Static code analysis
5.  

After a security incident, a network security engineer discovers that a portion of the company's sensitive external traffic has been redirected through a secondary ISP that is not normally used.

Which of the following would BEST secure the routes while allowing the network to function in the event of a single provider failure?

Options:

A Disable BGP and implement a single static route for each internal network.
B Implement a BGP route reflector.
C Implement an inbound BGP prefix list.
D Disable BGP and implement OSPF.   

A or B 

After a security incident, a network security engineer discovers that a portion of the company's sensitive external traffic has been redirected through a secondary ISP that is not normally used.

Which of the following would BEST secure the routes while allowing the network to function in the event of a single provider failure?

Options:

A Disable BGP and implement a single static route for each internal network.
B Implement a BGP route reflector.
C Implement an inbound BGP prefix list.
D Disable BGP and implement OSPF.