The security administrator is receiving numerous alerts from the internal IDS of a possible Conficker infection spreading through the network via the Windows file sharing services. Given the size of the company which deploys over 20,000 workstations and 1,000 servers, the security engineer believes that the best course of action is to block the file sharing service across the organization by placing ACLs on the internal routers.
Which of the following should the security administrator do before applying the ACL?
A . Quickly research best practices with respect to stopping Conficker infections and implement the solution.
B . Consult with the rest of the security team and get approval on the solution by all the team members and the team manager.
C . Apply the ACL immediately since this is an emergency that could lead to a widespread data compromise.
D . Call an emergency change management meeting to ensure the ACL will not impact core business functions.
Answer: D
Leave a Reply