Answer:
1. internet connection is not enabled on the computer.
2. The DHCP server in the company is not enabled as well.
Explanation:
For a user to access the internet, the computer must have a public IP address that is either assigned to it by a service provider or dynamically from the DHCP server in the computer. In the case of the former, the user just needs to enable the internet connection to obtain the unique IP address.
If the DHCP server or the internet connection is not enabled, the user would not have access to the internet.
Answer:
a. Remove the affected servers from the network.
Explanation:
An organization's incident response process (IRP) can be defined as all of the process involved in the cleanup and recovery of data when they fall victim to an attack or cybersecurity breach. The incident response process comprises of six (6) important stages and these are;
1. Preparation.
2. Detection and analysis (identification).
3. Containment.
4. Eradication.
5. Recovery.
6. Review of incident activities.
When an organization's IRP prioritizes containment over eradication and an incident is discovered, where an attacker outside the organization installed a crypto-currency mining software on the organization's web servers. Given the organization's stated priorities, the cybersecurity engineer should remove the affected servers from the network.
A containment process is focused on taking steps to eliminate or contain the attack. It basically involves acting swiftly in response to the attack, so as to prevent it from spreading across board or in order to mitigate the damage already caused.
In this context, the cybersecurity engineer should remove the affected servers from the network in accordance with the organization's IRP priority (containment).
<em>Furthermore, he could take a step further to contain the attack by installing a firewall and updating their policies in the Intrusion Prevention System (IPS) of the organization. </em>
