Which of the following steps would be best to perform FIRST?

CAS-004 V3 0 Comments

A host on a company’s network has been infected by a worm that appears to be spreading via SMB. A security analyst has been tasked with containing the incident while also maintaining evidence for a subsequent investigation and malware analysis.

Which of the following steps would be best to perform FIRST?
A . Turn off the infected host immediately.
B. Run a full anti-malware scan on the infected host.
C. Modify the smb.conf file of the host to prevent outgoing SMB connections.
D. Isolate the infected host from the network by removing all network connections.

Answer: D

Latest CAS-004 Dumps Valid Version with 128 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download CAS-004 PDF     CAS-004 Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments