Exam 312-49v10 topic 1 question 661 discussion

Actual exam question from ECCouncil's 312-49v10
Question #: 661
Topic #: 1

The information security manager at a national legal firm has received several alerts from the intrusion detection system that a known attack signature was detected against the organization's file server. What should the information security manager do first?

  • A. Disconnect the file server from the network
  • B. Update the anti-virus definitions on the file server
  • C. Report the incident to senior management
  • D. Manually investigate to verify that an incident has occurred
Suggested Answer: D

Comments

91a7fba
7 months, 3 weeks ago
Correct Answer: D
Disconnect the file server (A): This may be a necessary further step if the investigation confirms a serious intrusion, but disconnecting it immediately could disrupt operations and potentially hamper further investigation.
upvoted 3 times
581777a
1 year, 2 months ago
Selected Answer: A
A. Disconnect the file server from the network
When a known attack signature is detected against a system, the immediate concern is to prevent further compromise and contain the potential damage. Disconnecting the affected server from the network can help isolate it from the attacker and prevent any potential lateral movement or data exfiltration. This action buys time to assess the situation, investigate, and respond effectively to the incident.
upvoted 2 times