1D0-61A Question #38: Real Exam Question with Answer & Explanation
The correct answer is D. Unplug the computer network cable and/or disable the computer's wireless NIC.
Question
Options
- A. Shut down the computer.
- B. Enable strong encryption on all files on the hard disk.
- C. Run anti-virus software on all disks associated with this system.
- D. Unplug the computer network cable and/or disable the computer's wireless NIC.
Explanation
Disconnecting the network cable or disabling the wireless NIC immediately cuts off the attacker's communication channel, stopping data exfiltration and preventing further remote commands - all while preserving the system's current state for forensic investigation.
Why the distractors fail:
- A (Shut down): Powering off destroys volatile memory (RAM), which may contain critical evidence like running processes, network connections, or encryption keys - and some malware can survive reboots or manipulate the shutdown process.
- B (Enable encryption): This does nothing to stop an active attacker and could actually lock out legitimate investigators or destroy evidence; it's also too late if the attacker already has access.
- C (Run antivirus): While useful eventually, running AV while the attacker still has an active network connection lets them continue operating, exfiltrate data, or even push updates to evade detection.
Memory tip: Think of it as "stop the bleeding first" - isolate before you investigate. The network cable is the attacker's lifeline; cut it first, then do everything else.