Performing CyberOps Using Cisco Security Technologies (CBRCOR) — Question 84

A SOC team is investigating a recent, targeted social engineering attack on multiple employees. Cross-correlated log analysis revealed that two hours before the attack, multiple assets received requests on TCP port 79. Which action should be taken by the SOC team to mitigate this attack?

Answer options

• A. Disable BIND forwarding from the DNS server to avoid reconnaissance.
• B. Disable affected assets and isolate them for further investigation.
• C. Configure affected devices to disable NETRJS protocol.
• D. Configure affected devices to disable the Finger service.

Correct answer: D

Explanation

The correct answer is D because the Finger service, which operates on TCP port 79, can be exploited for information gathering, making it a target for attackers. Disabling this service helps secure the assets from further probing. Options A and C do not directly address the vulnerabilities associated with the Finger service, and option B, while it may be a necessary step, does not mitigate the specific risk posed by the service itself.