An organization’s IRP prioritizes containment over eradication. An incident has been discovered where an attacker outside of the organization has installed cryptocurrency mining software on the organization’s web servers.
Given the organization’s stated priorities, which of the following would be the NEXT step?
A . Remove the affected servers from the network.
B . Review firewall and IDS logs to identify possible source IPs.
C . Identify and apply any missing operating system and software patches.
D . Delete the malicious software and determine if the servers must be reimaged.
Answer: A
Explanation:
Now, since the organization top priority is more of containment over eradication, an outbreak code that is hostile as a can be suppressed effectively by removing the web server completely from the overall network facilities or infrastructure. Also, if the affected servers are not removed, it might affect the integrity, confidentiality of sensitive materials or documents which will be exposed to the outside world by the attacker. Read more on Brainly.com – https://brainly.com/question/16835492#readmore
Leave a Reply