You discover that an internal server has been communicating with a known command-and-control IP address. Walk through the network-level incident response, including containment, investigation, and remediation steps.

Sample answer preview

Discovering command-and-control communication from an internal server indicates an active compromise that requires immediate, methodical response. The network engineer plays a critical role in containment, evidence preservation, and investigation.