The help desk has received calls from users in multiple locations who are unable to access core network services. The network team has identified and turned off the network switches using remote commands. Which of the following actions should the network team take NEXT?
When users at multiple locations are unable to access core network services, it often points to a significant and widespread network issue. Having turned off the network switches to possibly contain the issue, the next logical step for the network team is to initiate the organization's incident response plan. This plan provides a structured approach to identifying the root cause, mitigating the impact, and restoring normal operations systematically and effectively.
This is such a bad question. All answers are crappy. It seems they just want us to take a wild guess and pick the least crappiest answer. D. Initiate the organization's incident response plan. In the given scenario, since multiple locations are affected, and the network team has identified and turned off the network switches, it suggests a widespread network issue that could have been caused by an attack or a major network fault. Therefore, the next action the network team should take is to initiate the organization's incident response plan. This plan will help them identify the cause of the problem and respond appropriately to minimize the impact and restore normal operations as quickly as possible
I think I figured out what the question author might be getting at in this question. The switches are the victims of a successful MAC flooding attack. It's turning the switches into hubs and flooding the network with huge amounts of traffic causing severe performance and availability problems. The switches are shut down to stop the MAC flooding attack. That's my educated guess.
The question does not give any details at all! What kind of question is this? Did the network team turn off the switchs by mistake? Is there an incident? I mean come on!!
The incident of users being unable to access core network services indicates a potential network outage or disruption. To effectively handle such incidents, organizations typically have an incident response plan in place. The incident response plan outlines the necessary steps and procedures to follow when responding to and mitigating incidents. By initiating the organization's incident response plan, the network team can ensure a structured and coordinated approach to resolving the issue.
The network team has identified WHAT?
Going with D even when question makes no sense.
What an abysmal question. It makes no sense. My blind guess is D.
There is literally no indicator of an incident. This looks like just a switch issue, that might as well be solved with a restart. This question must have something missing in the text.
D. Initiate the organization's incident response plan.
If there is a negative reason to turn off the switches, probably should communicate with IRT If there is not a reason to turn off the switches, the answer is turn them back on. if there is no connection to network services AND the network team turned off switches, maybe we should turn them back on to reconnect the services. no reasoning/explanation for the network teams immediate actions. no communication to the network team. In this real work situation question management needs to be reworked, IRT probably not functional. this real world situation question does not constitute secPlus knowledge. cOmPtIa: u need to assume there was a reson switches were turned off.
Going with B on this one.
semi lock .
Bing says the following: The network team should initiate the organization’s incident response plan. This plan will help the team to identify the root cause of the issue and take appropriate actions to prevent it from happening again in the future.
Disregard the correct answer is D
I am assuming that remote access to the switches is working just fine (because network team turned them off remotely), which means they shouldn't need to be physically at the switch to enter the updates. So I believe D would be the next step? There is no hint of a security breach/leak or etc... of any kind, I can only speculate that this is more of a Networking issue. Really weird question.
Identifying the root cause is the first step in the IR plan.
This is confusing to me because it seems like the network team has already performed the Identification and Containment portions of an incident response plan for whatever problem they're facing, identifying that the network switches are the culprit and taking them out of operation. The next step is then Eradication? "Eradication is the step in which we eliminate the components related to the incident, such as: Malware installed, Closing down the vulnerabilities that caused the incident in the first place by Patching, implementing new firewall rules, etc…" I guess it could be D but it seems like they've already begun the IR, no?