After detecting a malware outbreak on several endpoints within an organization, which of the following is the BEST initial step to prevent the spread of the infection while minimizing the impact on business operations?
Monitor the systems for any additional abnormal activities.
Isolating the affected systems is the best initial containment step as it prevents the spread of malware to other network resources while preserving the systems for further analysis. Isolation ensures that the organization can maintain business continuity with unaffected systems. Turning off the affected systems might prevent the potential spread but will result in loss of volatile data and impede further investigation, while monitoring the systems does not actively contain the spread. Changing user passwords does not address the malware infection directly and may be a distraction from more urgent containment procedures.