Examice

Exam GCIH All QuestionsBrowse all questions from this exam

Question 65

You are responding to an incident in which the organization's Extranet server has been compromised. The Extranet is the browser home page for most users in the organization. You have been instructed to watch the attacker, but minimize the business impact and the risk of further compromise. How can you continue providing services to the organization's users while isolating the compromised server?

Point the domain name to the IP address of a secondary, patched production server

Change the server IP address to a different IP address

Isolate the switch port and put the system on a quarantined VLAN

Rebuild the system during a downtime window and restore the service

Correct Answer: A

To minimize business impact and the risk of further compromise while watching the attacker's actions, you should reroute DNS to a secondary, patched production server. This allows continuous service for users by redirecting them to a secure server, while still monitoring the compromised server. The other options either disrupt service for users or make it more difficult to track the attacker's activity.

Discussion

straleOption: C

Isn't C better option? With option A, you don't isolate attacked server, you just redirect the attack.

straleOption: C

Isn't C better option? With option A, you don't isolate attacked server, you just redirect the attack.