VMware Security Specialist (2022) — Question 2

An administrator is investigating an alert and reads a summary that says:
The application powershell.exe was leveraged to make a potentially malicious network connection.
Which action should the administrator take immediately to block that connection?

Answer options

Correct answer: D

Explanation

The correct action is to Click Drop Connection, as it immediately stops the potentially harmful network connection initiated by powershell.exe. The other options, such as deleting the application or quarantining the asset, do not provide an immediate solution to block the connection.