Exam CS0-003
Question 170

Two employees in the finance department installed a freeware application that contained embedded malware. The network is robustly segmented based on areas of responsibility. These computers had critical sensitive information stored locally that needs to be recovered. The department manager advised all department employees to turn off their computers until the security team could be contacted about the issue. Which of the following is the first step the incident response staff members should take when they arrive?

    Correct Answer: E

    Isolating the department from the network and reviewing each computer offline is crucial to prevent further spread of the malware. This step helps in containing the attack and allows the incident response team to analyze the malware and assess the situation without risking additional systems.

Discussion
voiddraco Option: E

I'm choosing E because segmenting the department from the network would prevent the potential spread of malware to other parts of the network.

projectgtr Option: E

Containment is the priority at this point; E addresses this.

Studybun Option: B

It's B.

RiccardoBellitto Option: E

Using Copilot: The first step the incident response staff members should take when they arrive in this situation is to segment the entire department from the network and review each computer offline. Let me explain why:

Segmentation and Isolation: The compromised systems should be isolated from the network to prevent further spread of the malware. By segmenting the department, you prevent the malware from affecting other parts of the network.

Review Offline: Once isolated, the incident response team can review each computer offline. This allows them to analyze the malware, assess the extent of the compromise, and determine the best course of action for recovery.