contestada

An organization's IRP prioritizes containment over eradication. An incident has been discovered where an attacker outside of the organization has installed cryptocurrency mining software on the organization's web servers. Given the organization's stated priorities, which of the following would be the NEXT step?
A. Remove the affected servers from the network.
B. Review firewall and IDS logs to identify possible source IPs.
C. Identify and apply any missing operating system and software patches
D. Delete the malicious software and determine if the servers must be reimaged

Respuesta :

azikennamdi

Answer:

The correct answer is B  

Explanation:

Containment is a system of security whereby all form of access on the information technology system (to files, information, networks etc) is controlled through points of entry or access.

By reviewing firewall and Intrusion detection systems (IDS) logs to identify the possible source of the intrusion, the company can truncate access into their network by the hacker.

Cheers!

Otras preguntas