You are the security administrator for your company. Your company's network contains over 20,000 desktop computers and 1,000 servers that all run some version of Windows. You have received numerous alerts from the internal IDS of a possible malware infection spreading through the network via the Windows file sharing services. This is an emergency situation that could lead to widespread data

compromise. A security analyst believes that the best course of action is to block the file sharing service across the organization by placing ACLs on the internal routers. Which of the following should you do before applying the ACLs?

A. Call an emergency change management meeting to ensure the ACLs will not impact core business functions.
B. Apply changes to the ACLs immediately.
C. Meet with the entire security team to obtain approval on the solution.
D. Implement the solution immediately if it is considered a best practice.

A
Explanation: Before applying the ACLs, you should call an emergency change management meeting to ensure that the ACLs will not impact core business functions.
Applying changes to the ACLs immediately can adversely affect network communications and core business functions.
Meeting with the entire security team to obtain approval on the solution is unnecessary. The entire security team's approval is not needed.
Implementing the solution immediately if it is considered a best practice is incorrect. Even if the solution is a best practice, it may adversely affect network communications and core business functions.