What should be his first course of action to deal with the incident?

Kyle, a front office executive, suspects that a Trojan has infected his computer.

What should be his first course of action to deal with the incident?
A. Contain the damage
B. Disconnect the five infected devices from the network
C. Inform the IRT about the incident and wait for their response
D. Inform everybody in the organization about the attack

Answer: A

Explanation:

When a Trojan is suspected to have infected a computer, the first course of action should be to contain the damage to prevent the malware from spreading or causing further harm. This involves disconnecting the infected device from the network to isolate it and prevent the Trojan from communicating with potential command and control servers or infecting other systems. While informing the Incident Response Team (IRT) and other members of the organization is also important, these actions come after the immediate threat has been contained. Therefore, the correct answer is to contain the damage (A), which aligns with the Certified Network Defender (CND) objectives that prioritize immediate containment to minimize the impact of security incidents.

Reference: The response is based on best practices for dealing with Trojans as outlined in network security and incident response guidelines, including those from the EC-Council’s Certified Network Defender (CND) program. The CND framework emphasizes the importance of quick containment to protect network integrity and prevent further damage.
