Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Eccouncil Discussions
exam questions

Exam 312-50 All Questions

View all questions & answers for the 312-50 exam
Go to Exam

Exam 312-50 topic 5 question 14 discussion

Actual exam question from ECCouncil's 312-50
Question #: 14
Topic #: 5
[All 312-50 Questions]

An IT security engineer notices that the company’s web server is currently being hacked. What should the engineer do next?

  • A. Unplug the network connection on the company’s web server.
  • B. Determine the origin of the attack and launch a counterattack.
  • C. Record as much information as possible from the attack.
  • D. Perform a system restart on the company’s web server.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by Sprasashu at Aug. 28, 2020, 1:48 a.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
greeklover84
5 months, 2 weeks ago
Selected Answer: C
I suggest C it is the only answer that makes sense.
upvoted 1 times
...
YetiSpaghetti
1 year, 10 months ago
It's C. I'm too lazy to explain so look at this reddit thread. https://www.reddit.com/r/CEH/comments/g0aa6u/conflicting_ceh_test_question/
upvoted 1 times
NikoTomas
8 months, 2 weeks ago
From above provided link: "The CEH model says that you identify and analyze an incident before you contain or eradicate it. What's more, it's very rare that they'd want you to make a change to the system without using an integrated change management process. If you're talking a small company or your own web server, unplugging it might make sense. But what's the maximum tolerable downtime for that server? How much damage is this unspecified hack going to do compared to the cost of shutting down the company's web presence? But that's common sense/real-life talking. For CEH, just memorize the steps in their process (they have a blog article about their steps here): Prepare Identify Contain Eradicate Recover Lessons learned "
upvoted 1 times
...
...
salei
1 year, 12 months ago
Selected Answer: A
In the above scenario, the company’s web server is hacked. As an IT security engineer, your first task is to unplug the network connection (cable) on the company’s web server from the router and modem in order to prevent further attacks.
upvoted 2 times
...
Vermil
3 years, 11 months ago
C is the answer
upvoted 3 times
...
amal1302
4 years, 1 month ago
the web server must be in a DMZ. It is a question from forensic perspective, he has to get as much info as he can to find the indice of compromision. If heunplug the server then he will not know how to fix the problem.
upvoted 2 times
...
Sprasashu
4 years, 3 months ago
Answer is A
upvoted 3 times
hcakyol
4 years, 1 month ago
If you are Polat ALEMDAR you can do it. https://www.youtube.com/watch?v=yLx9B3xVOw8
upvoted 2 times
...
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel