🏷️ LIMITED TIME OFFER: GET 20% OFF GRADE+ YEARLY SUBSCRIPTION →
Log in
Computer Science
10
answers
1
watching
204
views

A host on a company's network has been infected by a worm that appears to be spreading via SMB. A security analyst has been tasked with containing the incident while also maintaining evidence for a subsequent investigation and malware analysis.

Which of the following steps would be best to perform FIRST?

  1. Turn off the infected host immediately.
  2. Run a full anti-malware scan on the infected host.
  3. Modify the smb.conf file of the host to prevent outgoing SMB connections.
  4. Isolate the infected host from the network by removing all network connections.

Watch
10
answers
1
watching
204
views

For unlimited access to Homework Help, a Homework+ subscription is required.

Avatar image
Liked by myrrcenary and 2 others

Unlock all answers

Get 1 free homework help answer.
Already have an account? Log in
Share
Avatar image
Liked by myrrcenary and 2 others
Already have an account? Log in
Share
Avatar image
Liked by myrrcenary and 1 others
Already have an account? Log in
Share
Avatar image
Liked by myrrcenary and 2 others
Already have an account? Log in
Share
Avatar image
Read by 1 person
Already have an account? Log in
Share
Avatar image
Read by 1 person
Already have an account? Log in
Share
Avatar image
Read by 1 person
Already have an account? Log in
Share
Avatar image
Read by 1 person
Already have an account? Log in
Share
Avatar image
Read by 1 person
Already have an account? Log in
Share
Avatar image
Read by 1 person
Already have an account? Log in
Share

Related questions

C or D 

A security analyst observes the following while looking through network traffic in a company's cloud log:

Which of the following steps should the security analyst take FIRST?

Options:

A Quarantine 10.0.5.52 and run a malware scan against the host.
B Access 10.0.5.52 via EDR and identify processes that have network connections.
C Isolate 10.0.50.6 via security groups.
D Investigate web logs on 10.0.50.6 to determine if this is normal traffic.

While investigating a security event, an analyst finds evidence that a user opened an email attachment from an unknown source. Shortly after the user opened the attachment, a group of servers experienced a large amount of network and resource activity. Upon investigating the servers, the analyst discovers the servers were encrypted by ransomware that is demanding payment within 48 hours or all data will be destroyed. The company has no response plans for ransomware.
Which of the following is the NEXT step the analyst should take after reporting the incident to the management team?

  • A. Pay the ransom within 48 hours.
  • B. Isolate the servers to prevent the spread.
  • C. Notify law enforcement.
  • D. Request that the affected servers be restored immediately.

Note : one source is saying B and other source is saying C ... i am confused . Please help to guide with the correct information 

A Or D ??? 

A security analyst is trying to identify the source of a recent data loss incident. The analyst has reviewed all the logs the time surrounding the incident and identified all the assets on the network at the time of the data loss. The analyst suspect the key to finding the source was obfuscated in an application. Which of the following should the analyst use NEXT?

  1. Software decomplier
  2. Network enumerator
  3. Log reduction and analysis tool
  4. Static code analysis
  5.  

Weekly leaderboard

Home
Homework Help 3,900,000
Computer Science 2,000
Start filling in the gaps now
Log in