GCIH Question #474: Real Exam Question with Answer & Explanation
Correct answer: C. The production webserver is communicating with a malicious host through an encrypted tunnel.
Question
Options
- A. The hard drive on a seldom-used FTP server has been filled up by an unauthorized user
- B. A former employee sent an insulting email to the HR department, and the attachment was
- C. The production webserver is communicating with a malicious host through an encrypted tunnel
- D. An unknown application on the CIO's laptop is redirecting his web searches to another search
Explanation
According to FIRST's CSIRT Case Classification, the criterion that drives immediate response is the criticality of the system affected by the incident. Malware on the CIO's laptop needs to be addressed, but its impact is confined to an individual system. The email to the HR department affects no critical system, and its attachment has already been contained by AV software. The FTP server is technically suffering a denial of service (its disk has been filled), but it is used only occasionally by employees and is not as critical as the webserver. A program on the production webserver communicating with an unknown host over an encrypted tunnel is the highest priority for containment: for an online-only business the webserver is critical infrastructure, and the tunnel could be carrying payment data out or, potentially, commands in to control the webserver. In practice, containment means cutting the tunnel at the network edge and preserving the process, memory and traffic evidence before the host is rebuilt, not simply rebooting the webserver.
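To show how the criticality-first rule plays out when it is applied to telemetry rather than to an exam stem, here is an added example that is not part of this page or of any FIRST material: a small Python triage script that reads constructed connection records, flags outbound encrypted sessions to destinations outside an allowlist, and ranks them by the criticality of the source asset. The asset inventory, addresses, allowlist, port set and score weights are all hypothetical assumptions of the example.

```python
import ipaddress
from dataclasses import dataclass

# Constructed asset inventory: hypothetical names and addresses, not from the question.
ASSET_CRITICALITY = {
    "10.0.1.10": ("prod-web-01", "high"),    # customer-facing production webserver
    "10.0.5.77": ("cio-laptop", "medium"),   # one user's endpoint
    "10.0.3.40": ("ftp-legacy", "low"),      # seldom-used FTP server
}
CRITICALITY_WEIGHT = {"high": 3, "medium": 2, "low": 1}

# Address space owned by the organisation (constructed).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
# External destinations the webserver is expected to reach, e.g. a payment
# processor (constructed allowlist using a documentation prefix).
ALLOWED_EXTERNAL = [ipaddress.ip_network("203.0.113.0/24")]
# Ports on which an outbound connection is assumed to be an encrypted channel.
ENCRYPTED_PORTS = {22, 443, 8443}


@dataclass
class Conn:
    src: str
    dst: str
    dport: int
    duration_s: float
    bytes_out: int


def parse_conn_line(line: str) -> Conn:
    """Parse one tab-separated record: src dst dport duration bytes_out (constructed layout)."""
    src, dst, dport, dur, out = line.rstrip("\n").split("\t")
    return Conn(src, dst, int(dport), float(dur), int(out))


def in_any(ip: str, nets) -> bool:
    """True if ip falls inside any of the given networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


def score(conn: Conn):
    """Return (score, asset_name, criticality) for a suspicious connection, else None."""
    if in_any(conn.dst, INTERNAL_NETS) or in_any(conn.dst, ALLOWED_EXTERNAL):
        return None
    if conn.dport not in ENCRYPTED_PORTS:
        return None
    name, crit = ASSET_CRITICALITY.get(conn.src, ("unknown", "low"))
    # Base score comes from the affected system's criticality, the FIRST criterion.
    s = CRITICALITY_WEIGHT[crit] * 10
    # A long-lived tunnel that has moved a lot of data is the worst case on a critical host.
    if conn.duration_s > 600:
        s += 5
    if conn.bytes_out > 1_000_000:
        s += 5
    return s, name, crit


def triage(lines):
    """Score every record and return the suspicious ones, highest priority first."""
    findings = []
    for line in lines:
        conn = parse_conn_line(line)
        result = score(conn)
        if result is not None:
            s, name, crit = result
            findings.append({"asset": name, "criticality": crit,
                             "dst": f"{conn.dst}:{conn.dport}", "score": s})
    return sorted(findings, key=lambda f: f["score"], reverse=True)


# Constructed sample records (documentation IPs; not real traffic).
SAMPLE_LOG = [
    "10.0.1.10\t198.51.100.23\t443\t3600.0\t5000000",  # webserver: hour-long TLS session to unknown host
    "10.0.1.10\t203.0.113.5\t443\t2.1\t4096",          # webserver to allowlisted payment processor
    "10.0.5.77\t198.51.100.77\t443\t120.0\t20000",     # CIO laptop to unknown host
    "10.0.3.40\t192.0.2.9\t22\t30.0\t500",             # FTP server SSH to unknown host
    "10.0.5.77\t10.0.1.10\t443\t1.0\t300",             # internal to internal, ignored
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['score']:>3}  {f['criticality']:<6} {f['asset']:<12} -> {f['dst']}")
```

On the sample records the webserver's session ranks first, the CIO laptop second and the FTP server third, which is the same ordering the explanation argues for. Two design points matter in real use: the allowlist, because a production webserver legitimately reaches a payment processor over TLS and that must not page anyone; and the choice to classify destinations against your own internal prefixes rather than relying on Python's `is_private`, which also treats the documentation ranges used here as private.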