A malware outbreak is detected by the SIEM and is confirmed as a true positive. The incident response team follows the playbook to mitigate the threat. What is the first action for the incident response team?
A. Assess the network for unexpected behavior
B. Isolate critical hosts from the network
C. Patch detected vulnerabilities from critical hosts
D. Perform analysis based on the established risk factors
Answer: B. Detection has already happened (the SIEM alert) and analysis has already confirmed a true positive, so the next phase of the incident response process is containment: isolate the critical hosts from the network. Containing the outbreak first stops the malware from spreading to other hosts and limits the damage while the team moves on to eradication (which is where patching the exploited vulnerabilities belongs) and recovery. Further assessment and analysis still happen, but they follow containment; a team that keeps analyzing while infected hosts remain connected gives the malware more time to propagate.
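As an added example (not part of the original page or any vendor playbook), the snippet below sketches the containment step in code: it takes confirmed true-positive SIEM alerts, puts critical hosts first, and emits per-host iptables commands that cut all traffic except a management channel from an IR jump host. The point a practitioner cares about is the caveat the answer leaves implicit: isolation should not be a hard power-off or a blanket drop, because the team still needs remote access for eradication and volatile evidence collection. The alert records, hostnames, IP addresses, the jump host 10.0.99.5 and the retained SSH port are all constructed assumptions.

```python
"""Network isolation step for a confirmed malware outbreak (illustrative)."""
from dataclasses import dataclass

# Constructed assumptions: the IR team's jump host, the TCP port it needs on
# an isolated endpoint (SSH for remote triage and evidence pull), and the
# asset inventory's critical-host list.
IR_JUMP_HOST = "10.0.99.5"
KEEP_OPEN_TCP_PORTS = (22,)
CRITICAL_HOSTS = {"fileserver01", "dc01", "db01"}


@dataclass(frozen=True)
class Alert:
    host: str
    ip: str
    rule: str
    true_positive: bool  # set only after analyst confirmation, as in the scenario


# Constructed sample alerts: two confirmed hits, one still under review.
SAMPLE_ALERTS = [
    Alert("fileserver01", "10.0.10.21", "malware C2 beacon", True),
    Alert("ws-0142", "10.0.20.142", "malware C2 beacon", True),
    Alert("dc01", "10.0.10.5", "suspicious LSASS access", False),
]


def hosts_to_isolate(alerts, critical_hosts=CRITICAL_HOSTS):
    """Split confirmed alerts into (critical, other) lists.

    Critical hosts are isolated first, matching the playbook answer above.
    Alerts not yet confirmed as true positives are never isolated here; they
    stay in the analysis queue.
    """
    confirmed = [a for a in alerts if a.true_positive]
    critical = [a for a in confirmed if a.host in critical_hosts]
    other = [a for a in confirmed if a.host not in critical_hosts]
    return critical, other


def isolation_rules(ip, jump_host=IR_JUMP_HOST, ports=KEEP_OPEN_TCP_PORTS):
    """Build iptables commands that isolate one host but keep the IR channel.

    The list is meant to be executed top to bottom on the affected host (for
    example through an EDR remote shell). Loopback and established flows are
    allowed first so local agents keep running and the IR session that pushes
    these rules is not cut off; then the jump host is allowed in (SSH) and
    out (so the host can scp evidence to it); dropped outbound attempts are
    logged because beaconing to a C2 address is itself evidence; finally the
    default policies flip to DROP.
    """
    rules = [
        "iptables -I INPUT 1 -i lo -j ACCEPT",
        "iptables -I OUTPUT 1 -o lo -j ACCEPT",
        "iptables -I INPUT 2 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
        "iptables -I OUTPUT 2 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    for port in ports:
        rules.append(f"iptables -A INPUT -p tcp -s {jump_host} --dport {port} -j ACCEPT")
        rules.append(f"iptables -A OUTPUT -p tcp -d {jump_host} --dport {port} -j ACCEPT")
    rules.append(f'iptables -A OUTPUT -j LOG --log-prefix "IR-ISOLATE-DROP {ip} " --log-level 4')
    rules.append("iptables -P INPUT DROP")
    rules.append("iptables -P OUTPUT DROP")
    rules.append("iptables -P FORWARD DROP")
    return rules


def containment_plan(alerts):
    """Map each confirmed host to its isolation commands, critical hosts first."""
    critical, other = hosts_to_isolate(alerts)
    return {a.host: isolation_rules(a.ip) for a in critical + other}


if __name__ == "__main__":
    for host, rules in containment_plan(SAMPLE_ALERTS).items():
        print(f"# {host}")
        print("\n".join(rules))
```

The plan is generated rather than executed so it can be reviewed (and logged as an IR action) before it is pushed; in a real environment the allow-list would also cover the EDR agent's own callback destination, otherwise the isolation removes the channel you were going to use for eradication.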