Q: 11
Engineers are working to document, list, and discover all used applications within an organization.
During the regular assessment of applications from the HR backup server, an engineer discovered an
unknown application. The analysis showed that the application is communicating with external
addresses on a non-secure, unencrypted channel. Information gathering revealed that the unknown
application does not have an owner and is not being used by a business unit. What are the next two
steps the engineers should take in this investigation? (Choose two.)
Options
Discussion
C/D? I'm not 100% on this, but A and D seem more about proper IR steps and documenting ownership, which lines up with best practices for unknown apps. Kind of split since B has some value too.
A or D. I think these fit what you'd want in a real assessment: find out what data is at risk and try to get asset ownership documented. Official study guides and lab scenarios both drive this point home, but happy to hear if someone thinks B fits better.
Probably B and C. Figuring out who installed the app and locking down creds/patches seems like the first move here.