An incident response team is handling a worm infection among their user workstations. They created an IPS signature to detect and block worm activity on the border IPS, then removed the worm’s artifacts or workstations triggering the rule. Despite this action, worm activity continued for days after. Where did the incident response team fail?

An incident response team is handling a worm infection among their user workstations. They created an IPS signature to detect and block worm activity on the border IPS, then removed the worm’s artifacts or workstations triggering the rule. Despite this action, worm activity continued for days after. Where did the incident response team fail?
A . The team did not adequately apply lessons learned from the incident
B . The custom rule did not detect all infected workstations
C . They did not receive timely notification of the security event
D . The team did not understand the worm’s propagation method

Answer: B

Explanation:

Identifying and scoping an incident during triage is important to successfully handling a security incident. The detection methods used by the team didn’t detect all the infected workstations.

Latest GCED Dumps Valid Version with 88 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments