A company has experienced a breach in their primary network defense mechanism, and sensitive systems are currently vulnerable. Following the containment and eradication phases, which of the following would be the BEST immediate action to lessen the chance of another successful attack until the primary defense can be restored?
Update the incident response plan to include the breach details.
Implement network segmentation to limit lateral movement and isolate sensitive systems.
Conduct a root cause analysis to determine how the breach occurred.
Extend VPN access to all employees to ensure business continuity.
Implementing network segmentation as a compensating control is the best immediate action because it will help contain any potential future breaches by limiting lateral movement across the network, providing time to restore the primary defense mechanisms. Updating the incident response plan is a post-incident activity and so it does not provide immediate risk mitigation. Conducting a root cause analysis is a vital post-incident activity, but it is not immediately helpful in controlling the current vulnerability. Extending VPN access would likely increase the attack surface and is not a suitable compensating control under the circumstances.