00:01
Hello students, as the first question is to whom the organization should contact regarding the external ip address in the question.
00:09
So the organization should contact the internet service provider that is the isp.
00:20
Service internet service provider that is an isp which is associated with an external ip address in the question.
00:33
So the isp is correspond for the managing and address and allocating the ip address to its customer.
00:40
So contacting the isp is essential because the unusual traffic is organizing from an external source and it's likely that the isp customs is either experiencing a security issue or has an a micro or it has an a misorganized misconfigured system generating the traffic.
01:03
So the isp can investigate the issue from their end and take the appropriate action potentially identify the contact the customer responsible for the traffic.
01:15
As the next second is suppose that after the initial containment so the measurement where put in a place the network administration detected the nine internal host who were also attempting the same unusual request for the dns.
01:35
How would they affect the headline of the handling of this incident? so as it would include as the follows first it will include the internal investigation internal investigation where into this the focus shift for to identifying and addressing the internal cause of unusual dns request.
02:01
So it suggests that there may be a compromised or misconfigured the host with the organization as the b is to isolation isolation and analysis and analysis where the nine the nine internal host generating the unusual traffic should be associated should be isolated from the network to prevent the further harms.
02:32
As the next c part is as the containment containment where any compromised host should be cleaned patched or rebuilt as a necessary.
02:46
So additional corrective measure should be taken to address any network misconfiguration or its vulnerability that allow this host to generate the unusual traffic...