After detecting a malware outbreak on several endpoints within an organization, which of the following is the BEST initial step to prevent the spread of the infection while minimizing the impact on business operations?
Isolate the affected systems from the network.
Monitor the systems for any additional abnormal activities.
Isolating the affected systems is the best initial containment step because it prevents the malware from reaching additional network resources while preserving the compromised hosts for later forensic analysis. Isolation lets unaffected systems continue to operate, supporting business continuity. Turning off the hosts could stop propagation but would erase volatile data and hinder investigation. Simply monitoring suspicious hosts does nothing to halt lateral movement. Changing user passwords does not directly address the active malware and diverts attention from more urgent containment tasks.