An engineer detects an intrusion event inside an organization’s network and becomes aware that files that contain personal data have been accessed. Which action must be taken to contain this attack?
A. Disconnect the affected server from the network.
B. Analyze the source.
C. Access the affected server to confirm compromised files are encrypted.
When an intrusion event is detected and personal data has been accessed, the immediate action to contain the attack is to disconnect the affected server from the network. This prevents the attacker from accessing more resources or causing further damage, and allows the organization to begin investigating and eradicating the threat.