A security analyst, while doing a security scan using packet capture security tools, noticed large volumes of
data images of company products being exfiltrated to foreign IP addresses. Which of the following is the FIRST
step in responding to scan results?
A.
Incident identification
B.
Implement mitigation
C.
Chain of custody
D.
Capture system image