A security analyst notices anomalous activity coming from several workstations in the organizations. Upon identifying and containing the issue, which of the following should the security analyst do NEXT?
A. Document and lock the workstations in a secure area to establish chain of custody
B. Notify the IT department that the workstations are to be reimaged and the data restored for reuse
C. Notify the IT department that the workstations may be reconnected to the network for the users to continue working
D. Document findings and processes in the after-action and lessons learned report
Answer: D. Document findings and processes in the after-action and lessons learned report
Computer Science & Information Technology
You might also like to view...
What MMC can be used for configuring clients for client-side targeting?
A. gpedit.msc B. lgpo.msc C. cpmgmt.msc D. gpoedit.msc
Computer Science & Information Technology
The devices that feed data and programs into computers are called output devices.
Answer the following statement true (T) or false (F)
Computer Science & Information Technology