Which of the following is the BEST action to take in the incident recovery and post-incident response process?

A security analyst received an alert from the antivirus software identifying a complex instance of malware on a company’s network. The company does not have the resources to fully analyze the malware and determine its effect on the system. Which of the following is the BEST action to take in the incident recovery and post-incident response process?
A. Wipe hard drives, reimage the systems, and return the affected systems to ready state.
B. Detect and analyze the precursors and indicators; schedule a lessons learned meeting.
C. Remove the malware and inappropriate materials; eradicate the incident.
D. Perform event correlation; create a log retention policy.

CS0-002: CompTIA CySA+ Exam


2 thoughts on “Which of the following is the BEST action to take in the incident recovery and post-incident response process?”

  1. This question is so fu… up… It would take me A4 to explain all of the mistakes in logic here.
    None of the answers is correct – dyslexic forgot to mention something in the answers or in the question…
