During a recent incident, an external attacker was able to exploit an SMB vulnerability over the internet. Which
of the following action items should a security analyst perform FIRST to prevent this from occurring again?
A. Check for any recent SMB CVEs.
B. Install AV on the affected server.
C. Block unneeded TCP 445 connections.
D. Deploy a NIDS in the affected subnet.
of the following action items should a security analyst perform FIRST to prevent this from occurring again?
A. Check for any recent SMB CVEs.
B. Install AV on the affected server.
C. Block unneeded TCP 445 connections.
D. Deploy a NIDS in the affected subnet.