Question
As a security analyst, you are notified by an employee that their work iPad has some setting changes and a new app that they didn't download.
What is the first step you should take to discover what is happening?
answer
Look through the event log for suspicious events.
Search online for any new known malware threats that match the indicators of compromise (IOCs).
Run an antivirus software scan on the device and scan the entire network.
Ask the employee to turn off the device.
What is the first step you should take to discover what is happening?
answer
Look through the event log for suspicious events.
Search online for any new known malware threats that match the indicators of compromise (IOCs).
Run an antivirus software scan on the device and scan the entire network.
Ask the employee to turn off the device.
Answers
GPT-4o mini
The first step you should take to discover what is happening is:
**Look through the event log for suspicious events.**
This step will allow you to gather initial information about any unauthorized access or suspicious activities on the device before taking further actions. It helps establish a timeline and context around the changes observed, which can aid in determining the nature of the incident.
**Look through the event log for suspicious events.**
This step will allow you to gather initial information about any unauthorized access or suspicious activities on the device before taking further actions. It helps establish a timeline and context around the changes observed, which can aid in determining the nature of the incident.