A security analyst for a large financial institution is reviewing network traffic related to an incident.
The analyst determines the traffic is irrelevant to the investigation but in the process of the review, the analyst also finds that an applications data, which included full credit card cardholder data, is transferred in clear text between the server and user's desktop. The analyst knows this violates the Payment Card Industry Data Security Standard (PCI-DSS). Which of the following is the analyst's next step?

Question

A security analyst for a large financial institution is reviewing network traffic related to an incident.

The analyst determines the traffic is irrelevant to the investigation but in the process of the review, the analyst also finds that an applications data, which included full credit card cardholder data, is transferred in clear text between the server and user's desktop. The analyst knows this violates the Payment Card Industry Data Security Standard (PCI-DSS). Which of the following is the analyst's next step?

Floran Pikaar · Accepted Answer

Follow organizational processes to alert the proper teams to address the issue.

Floran Pikaar · Answer

Send the log file co-workers for peer review

Floran Pikaar · Answer

Include the full network traffic logs in the incident report

Floran Pikaar · Answer

Ignore data as it is outside the scope of the investigation and the analyst's role.

Question list

List of questions

Question 1

(1)

Question 2

(0)

Question 3

(0)

Question 4

(0)

Question 5

(0)

Question 6

(0)

Question 7

(0)

Question 8

(0)

Question 9

(0)

Question 10

(0)

Related questions

Question 598 - CISSP discussion

Suggested answer: C

0 comments