CS0-003 Question #557: Real Exam Question with Answer & Explanation
The correct answer is B: Disconnect from the network and leave the PC turned on.
Question
A user's computer is performing slower than the day before, and unexpected windows continually open and close. The user did not install any new programs, and after the user restarted the desktop, the issue was not resolved. Which of the following incident response actions should be taken next?
Options
- A. Restart in safe mode and start a virus scan.
- B. Disconnect from the network and leave the PC turned on.
- C. Contain the device and implement a legal hold.
- D. Reformat and reimage the OS.
Explanation
The symptoms suggest that the computer may be compromised, potentially with malware or unauthorized remote access. The first step in incident response is containment to prevent further spread or damage. Disconnecting the device from the network isolates it, preventing the attacker from continuing operations or accessing additional systems. Leaving the PC turned on preserves volatile data (e.g., memory contents, active connections) that may be critical for forensic analysis.