Govur University Logo
--> --> --> -->
...

A security team sees a bad login on a computer. The first person checks and confirms it's a real attack. What is the very next big step they take to fix the problem, and who on the team usually does the actual work to stop the bad guy right away?



After a security team confirms a bad login is a real attack, the very next big step they take to fix the problem is containment. Containment is the process of limiting the scope and impact of a security incident to prevent further damage, unauthorized access, or data exfiltration. This involves taking immediate actions to stop the a....

Log in to view the answer



Community Answers

Sign in to open profiles and full community answers.

Harsh Bhaskar

“After a Security team confirms a bad login is a real attack, the very next big step they take to fix the problem is containment. Containment is the process of limiting the scope and impact of a security incident to prevent further damage, unauthorized access or data exfiltration. This involves taking immediate actions to stop the attacker's current activity and prevent them from spreading within the environment. For instance, common containment actions include isolating the comporomised system from the network, disabling the breached user account, or blocking the attacker's IP address at the firewall. The indivisual on the team who usually does the actual work to stop the bad guy right away by executing these technical containment actions is typically a security analyst or an incident responder. A security Analyst is responsible for monitering security systems, detecting threats and executing initial response actions. An incident Responder is a more specialixed role, focused on actively managing and resolving security incidents through direct technical intervention to mitigate threats immediately.”

87.0%

Rohan Adhikari

“After a security team confirms a bad login is a real attack, the very next big step they take to fix the problem is containment. Containment is the process of limiting the scope and impact of a security incident to prevent further damage, unauthorized access, or data exfiltration. This involves taking immediate actions to stop the attacker's current activity and prevent them from spreading within the environment. For instance, common containment ffirewall. The individual on the team who usually does the actual work to stop the bad guy right away by executing these technical containment actions is typically a Security Analyst or an Incident Responder. A Security Analyst is responsible for monitoring security systems, detecting threats, and executing initial response actions. An incident responder is a more specialized role, focused on actively managing and resolving security incidents through direct technical intervention to mitigate threats immediately.”

78.0%

Mishaal Anwar

“After confirming a real attack, the very next big step the security team takes is containment, which involves isolating the compromised computer from the network to prevent the threat from spreading or stealing more data. the professional who usually does the actual work to stop the attacker right away is the Incident Responder. Acting like a digital firefighter, the execu”

43.0%

Bakht Sanan Khan

“after confirming the atatck, the next step is containment, which isolates the affected system to prevent futher damage. The incident responder (IR) analyst typically performs the immediate actions to stop the attacker, such as isolating the device, blocking malicious and preserving evidence”

38.0%

Zwe Wai Yan Bhone Myint

“After confirming the attack, the next step is containment to prevent furture damage The incident responder or security analyst typically performs the immediate actions such as isolating the effected system disabling compromised accounts or blocking malicious activity”

35.0%

Ferid Mehtiyev

“After understanding the attack is real, the SOC L2 firstly blocks the attackers IP address to stop additional attacks. Then the account is blocked and checked for any backdoors / misconfigurations. If no problem is found, the new stricter password is created for account”

30.0%

Names

“after a security team confirm a bad login is a real attack , the very next bug step they take to fix the problem is containment . containment is the process of limiting the scope and the impac of a security incident to prevent further damage, unauthorized access, or data exfiltration .”

25.0%

Kaustubh

“the two "who does it" answes are really the same reality described with different labels,so here's how they map: securoty analyst(the hint's term) Tier 1 (the term I used )-monitors alerts, does the initial triage/confirmation Incident Responder Tier 2- the one with EDR/AD access who actually pulls the trigger: isolates the host,disables the account,blocks the IP”

24.0%

Gayatri Sudhakar Hire

“After confirming a bad login is a real attack, the next big step is containment and the person who usually performs the immediate technical actions to stop the attacker is security analyst or incident responder.”

16.0%

Eeshan Garg

“the very first step is to block the attacker Ip. and securing the account by a strong password. the Tier 2 Analyst or IR team handles the work”

16.0%

Arunank

“Containment is the next step and it is usually carried out by a Tier 2 SOC Analyst”

8.0%

Seda Avagyan

“The very nest big step is containment.”

2.0%

Sudarshan Lamichhane

“Containment”

1.0%

Kabo Sekoto

“CONTAINMENT”

1.0%

David Neves De Oliveira

“Estatuto internaciaonal do sigilo bruxo”

0.0%

Luis Antonio Gulcochia Sanchez

“contencion analista soc”

0.0%

Redundant Elements