GIAC
GCIH · Question #576
A company's internal LAN is being scanned by a compromised workstation. Which of the following is a 'Containment Phase' action that protects volatile data?
Sign in or unlock GCIH to reveal the answer and full explanation for question #576. The question stem and answer options stay visible for context.
Incident Response & Cyber Kill Chain
Question
A company's internal LAN is being scanned by a compromised workstation. Which of the following is a 'Containment Phase' action that protects volatile data?
Options
- ADisconnect the compromised host's network cable and perform a graceful shutdown
- BImage the compromised host's RAM then disable the host's upstream switch port
- CPlace a passive hub between the compromised host and its upstream switch
- DEnable the compromised host's OS-level firewall and set the first rule to deny all
Unlock GCIH to see the answer
You've previewed enough free GCIH questions. Unlock GCIH for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.
Topics
#incident containment#volatile data#RAM imaging#network isolation