GIAC Certified Incident Handler (GCIH) — Question 158
The Network Operations Center has identified and escalated an active denial-of-service incident on the mail server and several externally facing web sites to the security team for review. What are the next steps for the NOC team?
Answer options
- A. Issue a company-wide alert to the users detailing the events.
- B. Monitor the events and provide new information directly to the security team.
- C. Contact the web and mail administrators and provide them with the remediation solution.
- D. Enable IPS and firewall controls to mitigate the events.
Correct answer: D
Explanation
The correct answer is D because enabling IPS and firewall controls is a proactive measure to mitigate the impact of the denial-of-service attack. Options A, B, and C focus on communication rather than immediate action to stop the attack, which is the priority in this situation.