ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
During an incident review, you discover that a Windows file server has been encrypted by a newly released strain of ransomware that is not yet detected by your anti-malware signatures. Daily offline backups exist, and a documented incident-response plan is in place. According to industry-recognized remediation and recovery best practices, what should you do first to limit business impact?
Notify law enforcement and wait for further instructions before taking additional action.
Immediately remove the compromised server from the network to contain the infection.
Update enterprise anti-malware signatures and run a full scan across all hosts.
Begin wiping the server and restore all data from the most recent known-good backup.
The first priority after identifying active ransomware is containment to stop the malware from spreading or communicating with its command-and-control infrastructure. Physically or logically disconnecting the infected server from the network prevents the ransomware from propagating to other systems and halts further data encryption. Only after containment is confirmed should the team proceed with eradication steps such as wiping the system, restoring from clean backups, applying patches, and improving defenses. Paying the ransom is discouraged, and updating signatures or contacting law enforcement, while important, does not immediately stop ongoing damage.
ISC2 Systems Security Certified Practitioner (SSCP)
Systems and Application Security