A systems administrator has isolated an infected system from the network and terminated the malicious process from executing. Which of the following should the administrator do NEXT according to the incident response process?
A) Restore lost data from a backup.
B) Wipe the system.
C) Document the lessons learned.
D) Determine the scope of impact.
Correct Answer:
Verified
Q952: An audit reported has identifies a weakness
Q953: An analyst receives an alert from the
Q954: A software development manager is taking over
Q955: When performing data acquisition on a workstation,
Q956: An organization is expanding its network team.
Q958: A security analyst is securing smartphones and
Q959: A systems administrator wants to implement a
Q960: A security analyst is reviewing the following
Q961: A Chief Information Security Officer (CISO) asks
Q962: An organization hosts a public-facing website that
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents