Question
A security analyst analyzes application logs to identify any suspicious activities and notices that one of the company's recently resigned employees had downloaded a large amount of data just before leaving.
What is the analyst's most appropriate next step based on the scenario?
answer
Check the company's firewall logs to identify any external connections made by the former employee
Block the former employee's access to the company's server to prevent further data exfiltration
Review the network's DNS logs to identify any unusual connections to external domains
Notify the authorities and report the incident to prevent further data theft
Answers
GPT-5 mini
Block the former employee's access to the company's server to prevent further data exfiltration.
Rationale and next steps (brief):
- Contain immediately by disabling the account, revoking credentials, and removing remote access.
- Preserve and collect relevant logs and evidence (file access, endpoint images, firewall/DNS logs) for investigation and legal/HR review.
- Notify HR and legal/incident response team; escalate to law enforcement only after internal review and according to policy.