350-701 · Question #698
350-701 Question #698: Real Exam Question with Answer & Explanation
The correct answer is A. Isolate the endpoint from the network.. When an endpoint exhibits unusual behavior and a suspicious file is discovered, the immediate and most crucial step for a network administrator is to isolate the endpoint from the network to prevent malware spread and further damage.
Question
Options
- AIsolate the endpoint from the network.
- BReset the endpoint password and enable multi-factor authentication.
- CFormat and reinstall the operating system on the endpoint.
- DDisable all non-essential processes running on the endpoint.
Explanation
When an endpoint exhibits unusual behavior and a suspicious file is discovered, the immediate and most crucial step for a network administrator is to isolate the endpoint from the network to prevent malware spread and further damage.
Common mistakes.
- B. Resetting passwords and enabling MFA are important security hygiene practices but do not directly address or contain an active malware infection running on the endpoint.
- C. Formatting and reinstalling the operating system is a destructive remediation step that should typically occur after isolation and thorough investigation, not as the immediate first action.
- D. Disabling non-essential processes might be part of a remediation plan, but it's less comprehensive and effective than network isolation for containing an unknown or active malware threat.
Concept tested. Incident Response: Endpoint Isolation
Reference. https://docs.endpoint.security.cisco.com/en/latest/admin/threats/quarantine_endpoints.html
Topics
Community Discussion
No community discussion yet for this question.