A user reports a malware alert to the help desk. A technician verifies the alert, determines the workstation is classified as a low-severity device, and uses network controls to block access. The technician then assigns the ticket to a security analyst who will complete the eradication and recovery processes.
Which of the following should the security analyst do next?
A. Document the procedures and walk through the incident training guide.
B. Reverse engineer the malware to determine its purpose and risk to the organization.
C. Sanitize the workstation and verify countermeasures are restored.
D. Isolate the workstation and issue a new computer to the user.
Answer: C
Explanation:
Sanitizing the workstation and verifying countermeasures are restored are part of the eradication and recovery processes that the security analyst should perform next. Eradication is the process of removing malware or other threats from the affected systems, while recovery is the process of restoring normal operations and functionality to the affected systems. Sanitizing the workstation can involve deleting or wiping any malicious files or programs, while verifying countermeasures are restored can involve checking and updating any security controls or settings that may have been compromised.
Reference: https://www.cynet.com/incident-response/incident-response-sans-the-6-steps-in-depth/