During an incident response, an organization identifies that multiple systems have been compromised. What is the BEST approach to accurately determine the scope of the compromise?
Conduct thorough log analysis and correlate findings with known Indicators of Compromise (IoCs)
Perform a quick scan using antivirus software on all systems
Re-image all suspected systems and return them to operation
Isolate all potentially compromised systems from the network
The best approach to accurately determining the scope of the compromise is to conduct thorough log analysis and correlate findings with known Indicators of Compromise (IoCs). Correlating authentication, network, endpoint and application logs against IoCs (malicious IP addresses, domains, file hashes, persistence artifacts) lets you enumerate every affected system and reconstruct the timeline and extent of the intrusion, including systems that show no obvious symptoms. A quick antivirus scan relies on signatures and will miss custom or fileless tooling. Isolating or re-imaging suspected systems are containment and recovery steps that may be appropriate later, but on their own they do not reveal which other assets are compromised, and re-imaging destroys the evidence needed to establish scope.
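The following script shows what "correlate logs against known IoCs" looks like in practice: it parses a handful of log lines, matches each event against an IoC set, and reports which hosts are in scope and when each first touched an indicator. This is an added example written for this page, not code from the original question or its source; the log lines, host names, IP addresses (TEST-NET ranges), domain and hash are all constructed for the demonstration and are not real indicators.

```python
"""Scope an incident by correlating log events against a set of known IoCs.

Added example; all IoC values and log lines below are constructed (hypothetical).
"""
import re
from collections import defaultdict

# Constructed IoC set. The IP addresses are from documentation-only ranges,
# the domain and hash are placeholders; none of these are real indicators.
IOCS = {
    "ip": {"203.0.113.45", "198.51.100.7"},
    "domain": {"update-cdn.example.net"},
    "sha256": {"a" * 64},
}

# Constructed sample log lines in a simple "timestamp host kind key=value ..." form.
SAMPLE_LOGS = """\
2024-05-01T10:02:11Z web01 netconn dst=203.0.113.45 dport=443 proc=powershell.exe
2024-05-01T10:02:15Z web01 dns query=update-cdn.example.net
2024-05-01T10:05:40Z db02 netconn dst=10.0.0.12 dport=5432 proc=postgres
2024-05-01T10:07:03Z hr03 file sha256={} path=C:\\Users\\Public\\svc.exe
2024-05-01T10:09:58Z db02 netconn dst=198.51.100.7 dport=8080 proc=rundll32.exe
2024-05-01T10:11:00Z web01 netconn dst=10.0.0.12 dport=5432 proc=httpd
""".format("a" * 64)

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<kind>\S+)\s+(?P<rest>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Parse one log line into a dict of fields, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = {"ts": m.group("ts"), "host": m.group("host"), "kind": m.group("kind")}
    event.update(dict(KV_RE.findall(m.group("rest"))))
    return event


def match_iocs(event, iocs):
    """Return a list of (ioc_type, value) indicators present in this event."""
    hits = []
    if event.get("dst") in iocs["ip"]:
        hits.append(("ip", event["dst"]))
    if event.get("query") in iocs["domain"]:
        hits.append(("domain", event["query"]))
    if event.get("sha256") in iocs["sha256"]:
        hits.append(("sha256", event["sha256"]))
    return hits


def scope_compromise(log_text, iocs=IOCS):
    """Correlate every log line against the IoC set.

    Returns {host: [(timestamp, ioc_type, value), ...]} for each host that
    touched at least one indicator, sorted by time, so the incident scope
    (which systems, and in what order) is recoverable from the logs alone.
    """
    scope = defaultdict(list)
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue  # unparseable line: keep going rather than abort scoping
        for ioc_type, value in match_iocs(event, iocs):
            scope[event["host"]].append((event["ts"], ioc_type, value))
    return {host: sorted(hits) for host, hits in scope.items()}


def first_seen(scope):
    """Earliest indicator timestamp per host, useful for building the intrusion timeline."""
    return {host: hits[0][0] for host, hits in scope.items()}


if __name__ == "__main__":
    result = scope_compromise(SAMPLE_LOGS)
    for host, ts in sorted(first_seen(result).items(), key=lambda kv: kv[1]):
        print(f"{host}: first IoC hit at {ts}, {len(result[host])} hit(s)")
```

Note that db02 is only flagged by its second connection; its earlier database traffic matches nothing. In a real engagement the hits themselves become new pivots (the processes and internal destinations seen alongside them), and the loop is repeated until no new hosts appear.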