A Chief Information Security Officer (CISO) has instructed the information assurance staff to act upon a fast-spreading virus. Which of the following steps in the incident response process should be taken NEXT?
The key words here are "instructed to act upon a fast spreading virus". With the answer options available, identification is the first step in responding to the incident, with the assumption that preparation was done already.
I'd pick D, just saying. iphy is right about "instructed to act upon a fast spreading virus", but one thing he was wrong on: this is one of the two components of the containment definition, NOT the definition of identification. Now, looking at NIST, this can also be defined as active identification, but I'm thinking CompTIA would add the word "active" since this is a reading comprehension certification, but who knows....
"Containment. Malware incident containment has two major components: stopping the spread of malware and preventing further damage to hosts. Nearly every malware incident requires containment actions. In addressing an incident, it is important for an organization to decide which methods of containment to employ initially, early in the response."
"(Chief Information Security Officer) Typically, the job title of the person with overall responsibility for information assurance and systems security. Sometimes referred to as Chief Information Officer (CIO)."
Link below - NIST SP 800-83 Rev. 1 document (PDF):
https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-83r1.pdf
How does the CISO know it's a virus? It's already been identified as such. "Act upon" tells me containment should be the answer, because otherwise you should go back to the very start, preparation. If I can't assume identification has been done, why are you assuming preparation has been done?
To all commenters: we know the chronological steps; our issue is the gray dividing line of when it has been identified!! I am assuming that if the given answer is correct, then you do not start containment until the virus has a proper name and a concrete scope is defined.... Would we start containment if the CISO says "DooDoo Virus-19", with malware signature DDS-134kv709 (made-up name and signature), has been determined to reside on hosts Wk15, Wk308, and server WebMaster10000?
What I need to be able to determine is EXACTLY what information I need to say "Well, we have ID'd this virus... NOW CONTAIN." Seems the dividing line between ID and CONTAIN is subjective... COMPTIA SUCKS!!
Community vote distribution: A (35%), C (25%), B (20%), Other
Commenters:
Rajer (Highly Voted, 4 years, 11 months ago)
iphy (Highly Voted, 4 years, 10 months ago)
Dion79 (Most Recent, 3 years, 11 months ago)
marvin_J (4 years ago)
simo77 (4 years, 1 month ago)
L1singh (4 years, 1 month ago)
Not_My_Name (4 years, 6 months ago)
CoRell (4 years, 8 months ago)
xtf5x (4 years, 11 months ago)
burlatch (4 years, 11 months ago)
MagicianRecon (4 years, 10 months ago)
who__cares123456789___ (4 years, 3 months ago)
who__cares123456789___ (4 years, 3 months ago)