Which of the following steps would be best to perform FIRST?

CAS-004 V2 0 Comments

A host on a company’s network has been infected by a worm that appears to be spreading via SMB. A security analyst has been tasked with containing the incident while also maintaining evidence for a subsequent investigation and malware analysis.

Which of the following steps would be best to perform FIRST?
A . Turn off the infected host immediately.
B . Run a full anti-malware scan on the infected host.
C . Modify the smb.conf file of the host to prevent outgoing SMB connections.
D . Isolate the infected host from the network by removing all network connections.

Answer: D

Latest CAS-004 Dumps Valid Version with 128 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download CAS-004 PDF     CAS-004 Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments