
A security analyst received an alert from the antivirus software identifying a c

ID: 3751494 • Letter: A

Question

A security analyst received an alert from the antivirus software identifying a complex instance of malware on a company's network. The company does not have the resources to fully analyze the malware and determine its effect on the system. Which of the following is the BEST action to take in the incident recovery and post-incident response process?

Wipe hard drives, reimage the systems, and return the affected systems to ready state

Detect and analyze precursors and indicators; schedule a lessons learned meeting

Remove the malware and inappropriate materials; eradicate the incident

Perform event correlation; create a log retention policy

Explanation / Answer

Answer)

A security analyst has noticed that the antivirus software has detected complex malware running on the company network. As the company does not have any resources to analyze the malware and its effect on the systems, the best action would be to:

Wipe hard drives, reimage the systems, and return the affected systems to ready state.

As we are not resourceful enough to analyze the malware and its effect on the systems, we will solve the issue by removing the malware. But we do not know how much it has affected the systems. Thus we need to wipe the hard drives, then reimage the systems, and then make the systems ready from the backups.
