An IT security engineer notices that the company’s web server is currently being hacked. What should the engineer do next?
When an IT security engineer notices a company's web server is being hacked, the first step is to record as much information as possible from the attack. This helps in identifying the nature and extent of the breach, which is essential for effective incident response and remediation. Without proper information, it becomes challenging to mitigate the attack and prevent future occurrences. Unplugging the network connection or restarting the server might interrupt the attack but would also erase valuable forensic data needed for analysis.
Answer is A
If you are Polat ALEMDAR you can do it. https://www.youtube.com/watch?v=yLx9B3xVOw8
C is the answer
The web server must be in a DMZ. It is a question from a forensic perspective: he has to get as much info as he can to find the indicators of compromise. If he unplugs the server then he will not know how to fix the problem.
In the above scenario, the company’s web server is hacked. As an IT security engineer, your first task is to unplug the network connection (cable) on the company’s web server from the router and modem in order to prevent further attacks.
It's C. I'm too lazy to explain so look at this reddit thread. https://www.reddit.com/r/CEH/comments/g0aa6u/conflicting_ceh_test_question/
From the above-provided link: "The CEH model says that you identify and analyze an incident before you contain or eradicate it. What's more, it's very rare that they'd want you to make a change to the system without using an integrated change management process. If you're talking a small company or your own web server, unplugging it might make sense. But what's the maximum tolerable downtime for that server? How much damage is this unspecified hack going to do compared to the cost of shutting down the company's web presence? But that's common sense/real-life talking. For CEH, just memorize the steps in their process (they have a blog article about their steps here): Prepare, Identify, Contain, Eradicate, Recover, Lessons learned."
I suggest C; it is the only answer that makes sense.