An engineer detects an intrusion event inside an organization's network and becomes aware that files that contain personal data have been accessed. Which action must be taken to contain this attack?
A. Disconnect the affected server from the network.
B. Analyze the source.
C. Access the affected server to confirm compromised files are encrypted.
When an intrusion event is detected and personal data has been accessed, the immediate action to contain the attack is to disconnect the affected server from the network. This prevents the attacker from accessing more resources or causing further damage and allows the organization to begin the process of investigating and eradicating the threat.
The first action that must be taken to contain this attack is to disconnect the affected server from the network to prevent further damage and spread of the attack. Once the server is isolated, the engineer can then analyze the source of the intrusion, access the affected server to confirm the compromised files are encrypted, and determine the attack surface to prevent future attacks. - ChatGPT
When performing forensics during incident response, an important consideration is how and when the incident should be contained. Isolating the pertinent systems from external influences may be necessary to prevent further damage to the system and its data or to preserve evidence. In many cases, the analyst should work with the incident response team to make a containment decision (e.g., disconnecting network cables, unplugging power, increasing physical security measures, gracefully shutting down a host). This decision should be based on existing policies and procedures regarding incident containment, as well as the team's assessment of the risk posed by the incident, so that the chosen containment strategy or combination of strategies sufficiently mitigates risk while maintaining the integrity of potential evidence whenever p
NEW Q* An employee is a victim of a social engineering phone call and installs remote access software to allow an “MS Support” technician to check his machine for malware. The employee becomes suspicious after the remote technician requests payment in the form of gift cards. The employee has copies of multiple, unencrypted database files, over 400 MB each, on his system and is worried that the scammer copied the files off but has no proof of it. The remote technician was connected sometime between 2:00 pm and 3:00 pm over https. What should be determined regarding data loss between the employee’s laptop and the remote technician’s system?
A. No database files were disclosed
B. The database files were disclosed
C. The database files' integrity was violated
D. The database files were intentionally corrupted, and encryption is possible
AnyDesk access through the HTTPS web client can only send files but not download from the system. Answer is A.
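The "no proof" part of that scenario is what an analyst would actually resolve from evidence: sum the bytes the laptop sent to the remote endpoint over HTTPS during the 2:00 pm to 3:00 pm window and compare it with the smallest database file. The script below is an added example, not code from the thread or from AnyDesk; the flow records, the laptop address 10.0.5.23 and the remote address 198.51.100.10 are constructed for illustration.

```python
"""Added example: could a 400 MB file have left the laptop during the session?

Assumed (constructed) egress record format, one connection per line:
start,end,src_ip,dst_ip,dst_port,bytes_out,bytes_in  (times as HH:MM)
"""
from datetime import datetime

LAPTOP_IP = "10.0.5.23"                 # constructed address of the employee's laptop
SMALLEST_DB_FILE = 400 * 1024 * 1024    # "over 400 MB each" from the question

# Constructed flow records covering the remote-support session.
FLOW_RECORDS = """\
13:58,14:02,10.0.5.23,198.51.100.10,443,120000,90000
14:05,14:58,10.0.5.23,198.51.100.10,443,3400000,210000000
14:20,14:21,10.0.5.23,10.0.5.5,445,5000,12000
15:10,15:11,10.0.5.23,198.51.100.10,443,2000,4000
"""

def parse_flows(text):
    """Parse the constructed record format into a list of dicts."""
    flows = []
    for line in text.strip().splitlines():
        start, end, src, dst, dport, out_b, in_b = line.split(",")
        flows.append({
            "start": datetime.strptime(start, "%H:%M").time(),
            "end": datetime.strptime(end, "%H:%M").time(),
            "src": src, "dst": dst, "dport": int(dport),
            "bytes_out": int(out_b), "bytes_in": int(in_b),
        })
    return flows

def egress_in_window(flows, src_ip, win_start, win_end, port=443):
    """Bytes the host sent on `port` in flows that overlap [win_start, win_end]."""
    ws = datetime.strptime(win_start, "%H:%M").time()
    we = datetime.strptime(win_end, "%H:%M").time()
    total = 0
    for f in flows:
        if f["src"] != src_ip or f["dport"] != port:
            continue
        if f["end"] < ws or f["start"] > we:   # flow entirely outside the window
            continue
        total += f["bytes_out"]
    return total

def exfil_possible(flows, src_ip, win_start, win_end, file_size):
    """True only if outbound volume in the window could hold at least one file."""
    return egress_in_window(flows, src_ip, win_start, win_end) >= file_size

if __name__ == "__main__":
    flows = parse_flows(FLOW_RECORDS)
    print("bytes out 14:00-15:00:", egress_in_window(flows, LAPTOP_IP, "14:00", "15:00"))
    print("400 MB file could have left:", exfil_possible(flows, LAPTOP_IP, "14:00", "15:00", SMALLEST_DB_FILE))
```

In the constructed records the session moved about 210 MB onto the laptop and only a few MB off it, so the outbound volume cannot account for even one 400 MB file; the same check against real proxy or firewall flow logs is how the "no proof" gap in the question gets closed.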
A. Disconnect the affected server from the network
upvoted 4 times
350-201 Exam Questions