Use of a computer to commit a crime on the internet is generally the subject of federal jurisdiction. Please choose answer (a) if this statement is true or (b) if this statement is false

A security analyst receives an alert that highly sensitive information has left the company's network. Upon investigation, the analyst discovers an outside IP range has had connections from three servers more than 100 times in the past month. The affected servers are virtual machines. Which of the following is the BEST course of action?

A. Shut down the servers as soon as possible, move them to a clean environment, restart, run a vulnerability scanner to find weaknesses, determine the root cause, remediate, and report. B. Report the data exfiltration to management, take the affected servers offline, conduct an antivirus scan, remediate all threats found, and return the servers to service. C. Disconnect the affected servers from the network, use the virtual machine console to access the systems, determine which information has left the network, find the security weakness, and remediate. D. Determine if any other servers have been affected, snapshot any servers found, determine the vector that was used to allow the data exfiltration, fix any vulnerabilities, remediate, and report.

To the user, data processing procedures for routine transactions, such as entering sales orders, appear to be identical in the database environment and in the traditional environment.

Answer the following statement true (T) or false (F)