A company's cloud infrastructure is experiencing erratic performance and the security team suspects a potential malware infection on several virtual servers. What should be the FIRST action to ensure a proper response to this suspected security incident?
Activate the EDR system's isolation feature for the affected virtual servers.
Run a full system scan on all network nodes without any preliminary containment measures.
Check system logs for irregularities before taking action on the virtual servers.
Reboot the affected virtual servers to interrupt potential malicious processes.
Activating the EDR system's isolation feature for the affected virtual servers is the correct first action. Isolating the servers cuts their network path to the rest of the environment, so any malware on them cannot spread laterally, while the EDR agent's own connection to its management console is kept open so that investigation and remediation can continue on the contained hosts. Running a full system scan without first isolating the affected machines leaves the malware free to proliferate across the network while the scan runs. Checking logs is an important investigative step, but containment comes before investigation when active spread is suspected. Rebooting destroys volatile forensic evidence (memory contents, running processes, open network connections) and may not stop malware that has established persistence.
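EDR products implement host isolation in their own agent, but on a cloud VM the same effect can be enforced at the network layer by swapping the instance's security group for a quarantine group. The example below is added here as an illustration and is not part of the original question or of any EDR vendor's code; the EDR console address (a TEST-NET-3 address) and port are assumptions. It shows what a correct quarantine rule set looks like (agent-to-console egress only, since security groups are default-deny allow-lists) and checks a candidate rule set for the two common mistakes: leaving management ingress open and keeping the default allow-all egress rule, which would let command-and-control traffic continue.

```python
"""Quarantine security-group rules for isolating a suspected-compromised cloud VM.

Cloud security groups are allow-lists: anything not explicitly allowed is dropped.
A quarantine group therefore needs exactly one rule, egress to the EDR console,
so the agent keeps reporting while every other path (lateral movement, C2) is cut.
"""
from dataclasses import dataclass
import ipaddress

# Hypothetical values for illustration: a TEST-NET-3 address for the EDR console.
EDR_CONSOLE_CIDR = "203.0.113.10/32"
EDR_CONSOLE_PORT = 443


@dataclass(frozen=True)
class Rule:
    """One allow rule, in the shape most cloud security groups use."""
    direction: str   # "ingress" or "egress"
    protocol: str    # "tcp", "udp", "icmp" or "all"
    port_from: int
    port_to: int
    cidr: str


def quarantine_rules(edr_cidr=EDR_CONSOLE_CIDR, edr_port=EDR_CONSOLE_PORT):
    """The complete rule set of a quarantine group: agent-to-console egress only."""
    return [Rule("egress", "tcp", edr_port, edr_port, edr_cidr)]


def _within(cidr, allowed_cidr):
    """True if cidr lies entirely inside allowed_cidr (same address family)."""
    try:
        return ipaddress.ip_network(cidr).subnet_of(ipaddress.ip_network(allowed_cidr))
    except (TypeError, ValueError):
        return False


def validate_quarantine(rules, edr_cidr=EDR_CONSOLE_CIDR, edr_port=EDR_CONSOLE_PORT):
    """Return the rules that would break isolation; an empty list means a real quarantine."""
    violations = []
    for r in rules:
        if r.direction == "ingress":
            violations.append(r)          # nothing may reach the host, not even admins
        elif not (r.protocol == "tcp"
                  and r.port_from == r.port_to == edr_port
                  and _within(r.cidr, edr_cidr)):
            violations.append(r)          # any egress other than the EDR channel
    return violations


if __name__ == "__main__":
    # Constructed example: a group an operator might wrongly call "quarantine".
    leaky = [
        Rule("ingress", "tcp", 22, 22, "10.0.0.0/8"),    # reachable from the whole 10/8, worm included
        Rule("egress", "all", 0, 65535, "0.0.0.0/0"),    # the default egress rule, keeps C2 alive
        Rule("egress", "tcp", 443, 443, EDR_CONSOLE_CIDR),
    ]
    for v in validate_quarantine(leaky):
        print("breaks isolation:", v)
    print("clean quarantine:", validate_quarantine(quarantine_rules()) == [])
```

Apply the validated group to the instance in place of its normal groups (on AWS, for example, by modifying the instance's security group list; the operation itself is cloud-specific and not shown). Leave the instance running: stopping or rebooting it for the swap would discard the volatile evidence the explanation above warns about.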