CAS-005 · Question #310
CAS-005 Question #310: Real Exam Question with Answer & Explanation
Sign in or unlock CAS-005 to reveal the answer and full explanation for question #310. The question stem and answer options stay visible for context.
Question
While investigating a security event an analyst finds evidence that a user opened an email attachment from an unknown source. Shortly after the user opened the attachment, a group of servers experienced a large amount of network and resource activity. Upon investigating the servers, the analyst discovers the servers were encrypted by ransomware that is demanding payment within 48 hours or all data will be destroyed. The company has no response plans for ransomware. Which of the following is the next step the analyst should take after reporting the incident to the management team?
Options
- APay the ransom within 48 hours
- BIsolate the servers to prevent the spread
- CNotify law enforcement
- DRequest that the affected servers be restored immediately
Unlock CAS-005 to see the answer
You've previewed enough free CAS-005 questions. Unlock CAS-005 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.