SY0-501 · Question #109
SY0-501 Question #109: Real Exam Question with Answer & Explanation
Sign in or unlock SY0-501 to reveal the answer and full explanation for question #109. The question stem and answer options stay visible for context.
Question
Multiple employees receive an email with a malicious attachment that begins to encrypt their hard drives and mapped shares on their devices when it is opened. The network and security teams perform the following actions: * Shut down all network shares. * Run an email search identifying all employees who received the malicious message. * Reimage all devices belonging to users who opened the attachment. Next, the teams want to re-enable the network shares. Which of the following BEST describes this phase of the incident response process?
Options
- AEradication
- BContainment
- CRecovery
- DLessons learned
Unlock SY0-501 to see the answer
You've previewed enough free SY0-501 questions. Unlock SY0-501 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.