Which of the following would be BEST for the analyst to perform?

A security analyst is responding to an alert from the SIEM. The alert states that malware was discovered on a host and was not automatically deleted.

Which of the following would be BEST for the analyst to perform?
A . Add a deny-all rule to that host in the network ACL
B. Implement a network-wide scan for other instances of the malware.
C. Quarantine the host from other parts of the network
D. Revoke the client’s network access certificates

Answer: C

Explanation:

When malware is discovered on a host, the best course of action is to quarantine the host from other parts of the network. This prevents the malware from spreading and potentially infecting other hosts. Adding a deny-all rule to the host in the network ACL may prevent legitimate traffic from being processed, implementing a network-wide scan is time-consuming and may not be necessary, and revoking the client’s network access certificates is an extreme measure that may not be warranted.

Reference: CompTIA Security+ Study Guide, pages 113-114

Latest SY0-601 Dumps Valid Version with 396 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments