Which step should the Incident Response team incorporate into their plan of action?

Posted by: Pdfprep Category: 250-441

ATP detects a threat phoning home to a command and control server and creates a new incident. The threat is NOT being detected by SEP, but the Incident Response team conducted an indicators of compromise (IOC) search for the machines that are contacting the malicious sites to gather more information.

Which step should the Incident Response team incorporate into their plan of action?
A. Perform a healthcheck of ATP
B. Create firewall rules in the Symantec Endpoint Protection Manager (SEPM) and the perimeter firewall
C. Use ATP to isolate non-SEP protected computers to a remediation VLAN
D. Rejoin the endpoints back to the network after completing a final virus scan

Answer: C
