200-201 Question #488: Real Exam Question with Answer & Explanation
Correct answer: C. Isolate the infected endpoint from the network.
Question
A security team received a ticket regarding a potentially malicious file found on a company server. The team confirmed that the file is malicious and identified it as a new trojan. According to the NIST Computer Security Incident Handling Guide, what is the next step in handling this type of incident?
Options
- A. Perform forensic analysis on the infected endpoint.
- B. Prioritize incident handling based on the impact.
- C. Isolate the infected endpoint from the network.
- D. Collect public information on the malware behavior.
Explanation
The NIST Computer Security Incident Handling Guide (SP 800-61) structures incident handling as four phases: Preparation; Detection and Analysis; Containment, Eradication and Recovery; and Post-Incident Activity. Confirming the file as malicious and identifying it as a trojan completes the analysis work for this ticket, so the next step is containment: isolating the infected endpoint from the network so the trojan cannot spread to other hosts, beacon out, or receive commands. Containment comes before further forensic work or eradication; a live trojan keeps doing damage while the analyst studies it. Prioritization (option B) belongs to the Detection and Analysis phase and is done when the ticket is triaged, and deeper forensics (A) and researching the malware (D) are analysis activities that can proceed safely once the host is contained. One caveat from the guide applies in practice: evidence preservation is a criterion for choosing the containment strategy, so volatile data such as active network connections and running processes should be captured as the host is cut off, and the isolation should keep a management path open for the responders rather than blindly powering the system down.
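The host-level isolation described above, as an added example that is not from the page, the exam, or NIST. It assumes a Linux server with iptables, a SOC that reaches the host over SSH from a single jump host, and a root shell; the SOC address, evidence directory and port are placeholders. The rule set is emitted as text before it is applied, so it can be reviewed (or tested) without touching a live firewall, and volatile evidence is captured first because isolation itself destroys it.

```shell
#!/bin/sh
# Added example (not from the page or from NIST SP 800-61): host-level
# network containment for a Linux server during the Containment,
# Eradication and Recovery phase.
# Assumptions (mine, not the page's): iptables is installed, the SOC
# reaches the host by SSH from one jump host, and the caller is root.
# DRY_RUN=1 prints the commands instead of executing them.

# is_ipv4 ADDR: dotted-quad sanity check so a typo in the SOC address
# cannot produce a rule set that locks the responder out as well.
is_ipv4() {
  echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# volatile_evidence_cmds DIR: commands that snapshot state which the
# isolation step itself destroys (live sockets, neighbour cache, process
# list). Evidence preservation is a containment criterion in SP 800-61,
# so these run before any firewall rule is applied.
volatile_evidence_cmds() {
  dir="$1"
  cat <<EOF
mkdir -p ${dir}
date -u > ${dir}/timestamp.txt
ss -tunap > ${dir}/sockets.txt
ip neigh show > ${dir}/arp.txt
ps -eo pid,ppid,user,lstart,cmd > ${dir}/processes.txt
EOF
}

# isolation_rules SOC_IP [SSH_PORT]: iptables commands that drop all
# traffic except loopback and SSH from the SOC jump host. Order matters:
# flush while the default policy is still ACCEPT, add the allow rules,
# and only then flip the policy to DROP, so the responder's own SSH
# session is never cut.
isolation_rules() {
  soc_ip="$1"
  ssh_port="${2:-22}"
  is_ipv4 "$soc_ip" || { echo "isolation_rules: bad SOC address '$soc_ip'" >&2; return 1; }
  cat <<EOF
iptables -F
iptables -X
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -p tcp -s ${soc_ip} --dport ${ssh_port} -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -d ${soc_ip} --sport ${ssh_port} -m conntrack --ctstate ESTABLISHED -j ACCEPT
iptables -P FORWARD DROP
iptables -P INPUT DROP
iptables -P OUTPUT DROP
EOF
}

# isolate_host SOC_IP EVIDENCE_DIR [SSH_PORT]: evidence first, then the
# isolation rules. Fails before doing anything if the address is bad.
isolate_host() {
  soc_ip="$1"; dir="$2"; ssh_port="${3:-22}"
  cmds="$(volatile_evidence_cmds "$dir"; isolation_rules "$soc_ip" "$ssh_port")" || return 1
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf '%s\n' "$cmds"
  else
    printf '%s\n' "$cmds" | sh -e
  fi
}

# Usage as a script (dry run shown; a real run needs root):
#   DRY_RUN=1 ./isolate.sh 10.0.0.5 /var/tmp/ir-evidence
if [ "$#" -eq 2 ]; then
  isolate_host "$1" "$2"
fi
```

The emitted policy is deliberately minimal: no DNS, no outbound web, no existing allow rules survive the flush, and only the jump host can open a new connection. Anything the investigation later needs (for example pulling a memory image to a collection server) is added as an explicit rule rather than by loosening the default DROP.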