Exam SY0-601 topic 1 question 721 discussion

Actual exam question from CompTIA's SY0-601
Question #: 721
Topic #: 1

A cybersecurity incident response team at a large company receives notification that malware is present on several corporate desktops. No known indicators of compromise have been found on the network. Which of the following should the team do first to secure the environment?

  • A. Contain the impacted hosts.
  • B. Add the malware to the application blocklist.
  • C. Segment the core database server.
  • D. Implement firewall rules to block outbound beaconing.
Suggested Answer: A

Comments

predsednik
Highly Voted 1 year, 8 months ago
Selected Answer: A
A. Contain the impacted hosts. The incident response process on the exam has six steps: 1. preparation, 2. identification, 3. CONTAINMENT - THIS is where we are now in this example, 4. eradication, 5. recovery, and 6. lessons learned.
upvoted 12 times
shady23
Most Recent 1 year, 1 month ago
Selected Answer: A
A. Contain the impacted hosts. Containing the impacted hosts involves isolating or quarantining the affected systems from the rest of the network to prevent further spread of the malware and mitigate potential damage. Once contained, the incident response team can proceed with investigating the malware, analyzing its behavior, and determining the appropriate remediation steps. This initial containment step helps prevent the malware from spreading to other systems and compromising additional parts of the network while the investigation and response efforts are underway.
upvoted 2 times
BlackSpider
1 year, 8 months ago
Selected Answer: A
A. Contain the impacted hosts: Containment is often the first step in incident response to prevent the malware from spreading further or causing additional damage. By containing the impacted hosts, you're isolating them to prevent potential lateral movement or communication with a command and control server. The other options, while potentially valuable in certain contexts, are not the immediate first steps in this scenario.
upvoted 4 times