Volgvan
3 years ago
14

An organization's IRP prioritizes containment over eradication. An incident has been discovered where an attacker outside of the organization has installed crypto-currency mining software on the organization's web servers. Given the organization's stated priorities, which of the following would be the NEXT step?
a. Remove the affected servers from the network.
b. Review firewall and IDS logs to identify possible source IPs.
c. Identify and apply any missing operating system and software patches.
d. Delete the malicious software and determine if the servers must be reimaged.
Computers and Technology
1 answer:
djyliett [7] 3 years ago
5 0

Answer:

a. Remove the affected servers from the network.

Explanation:

An organization's incident response process (IRP) can be defined as all of the processes involved in the cleanup and recovery of data when they fall victim to an attack or cybersecurity breach. The incident response process comprises six (6) important stages, and these are:

1. Preparation.

2. Detection and analysis (identification).

3. Containment.

4. Eradication.

5. Recovery.

6. Review of incident activities.

When an organization's IRP prioritizes containment over eradication and an incident is discovered where an attacker outside the organization installed crypto-currency mining software on the organization's web servers, then, given the organization's stated priorities, the cybersecurity engineer should remove the affected servers from the network.

A containment process is focused on taking steps to eliminate or contain the attack. It basically involves acting swiftly in response to the attack, so as to prevent it from spreading across the board or in order to mitigate the damage already caused.

In this context, the cybersecurity engineer should remove the affected servers from the network in accordance with the organization's IRP priority (containment).

Furthermore, he could take a step further to contain the attack by installing a firewall and updating their policies in the Intrusion Prevention System (IPS) of the organization.
