A security analyst is responding to an alert from the SIEM. The alert states that malware was discovered on a host and was not automatically deleted.
Which of the following would be BEST for the analyst to perform?
A. Add a deny-all rule to that host in the network ACL.
B. Implement a network-wide scan for other instances of the malware.
C. Quarantine the host from other parts of the network.
D. Revoke the client's network access certificates.
Answer: C
Explanation:
The alert says the malware was found but not removed, so the host is still infected and the first priority is containment: stop it from spreading laterally or reaching its command-and-control while preserving the evidence on the host. Quarantining the host (C) does exactly that. It restricts the host to the responder's management channels (EDR server, SIEM, forensic jump host) and drops everything else, so the analyst can still collect memory, logs and files remotely. A deny-all rule in the network ACL (A) also cuts the host off, but it cuts off the analyst's own telemetry and remote access at the same time, which slows the investigation. A network-wide scan for other instances (B) is a sensible follow-up once the host is contained, but it does nothing to stop this host in the meantime. Revoking the client's network access certificates (D) normally affects only future authentications, does not by itself interrupt connections the host already has, and is a disproportionate step before the scope of the incident is known.
Reference: CompTIA Security+ Study Guide, pages 113-114
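To make the difference between option A and option C concrete, here is an added example (not part of the original question or the study guide) that models a host quarantine as an allowlist of management endpoints and renders it as iptables commands. The addresses and purposes (10.0.0.5 EDR, 10.0.0.6 SIEM, 10.0.0.7 jump host) are constructed for illustration; the `deny_all` switch models the blanket ACL, which blocks the EDR and SIEM channels too.

```python
"""Added example, not from the original page: quarantining a host (allowlist the
responder's management channels, drop the rest) versus a blanket deny-all.
All endpoints and addresses below are constructed for illustration."""
import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Endpoint:
    ip: str
    port: int
    proto: str = "tcp"

    def __post_init__(self):
        ipaddress.ip_address(self.ip)  # reject garbage before it reaches a shell
        if not 0 < self.port < 65536:
            raise ValueError(f"bad port {self.port}")


@dataclass
class QuarantinePolicy:
    # Endpoint -> purpose. outbound: peers the host may connect to;
    # inbound: peers that may connect in (port is the local listening port).
    outbound: dict = field(default_factory=dict)
    inbound: dict = field(default_factory=dict)
    deny_all: bool = False  # models the network-ACL deny-all of option A

    def allows_out(self, ep: Endpoint) -> bool:
        return not self.deny_all and ep in self.outbound

    def allows_in(self, src_ip: str, local_port: int, proto: str = "tcp") -> bool:
        return not self.deny_all and Endpoint(src_ip, local_port, proto) in self.inbound

    def iptables_commands(self) -> list:
        """Render the policy for the host itself. ACCEPT rules are appended first and the
        DROP policies are set last, so a management session used to push the rules is
        never severed halfway through."""
        cmds = ["iptables -F INPUT", "iptables -F OUTPUT", "iptables -F FORWARD"]
        if not self.deny_all:
            cmds += ["iptables -A INPUT -i lo -j ACCEPT",
                     "iptables -A OUTPUT -o lo -j ACCEPT",
                     "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
                     "iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"]
            for ep, why in self.outbound.items():
                cmds.append(f"iptables -A OUTPUT -p {ep.proto} -d {ep.ip} --dport {ep.port} "
                            f"-m comment --comment '{why}' -j ACCEPT")
            for ep, why in self.inbound.items():
                cmds.append(f"iptables -A INPUT -p {ep.proto} -s {ep.ip} --dport {ep.port} "
                            f"-m comment --comment '{why}' -j ACCEPT")
        # Log what the malware tries to reach while contained: useful scoping evidence.
        cmds += ["iptables -A INPUT -j LOG --log-prefix 'QUARANTINE-DROP-IN: '",
                 "iptables -A OUTPUT -j LOG --log-prefix 'QUARANTINE-DROP-OUT: '",
                 "iptables -P INPUT DROP", "iptables -P OUTPUT DROP", "iptables -P FORWARD DROP"]
        return cmds


def build_quarantine() -> QuarantinePolicy:
    """Constructed management endpoints (an assumption for the example, not real infrastructure)."""
    return QuarantinePolicy(
        outbound={Endpoint("10.0.0.5", 443): "EDR agent check-in",
                  Endpoint("10.0.0.6", 6514): "syslog over TLS to SIEM"},
        inbound={Endpoint("10.0.0.7", 22): "forensic jump host SSH"},
    )


if __name__ == "__main__":
    for line in build_quarantine().iptables_commands():
        print(line)
```

With the quarantine policy the host can still check in to the EDR server on 443 and be reached from the jump host on 22, while lateral SMB to a peer workstation is dropped and logged; the `deny_all` variant drops the EDR and SIEM channels as well, which is why option A hampers the investigation rather than helping it. Note that iptables rules are not persistent across reboots, so the quarantine should also be enforced at the switch or NAC layer for a host that may be power-cycled.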