A. Notify an administrator
B. Install new antivirus software
C. Update the antivirus signature files
D. Contain the problem
Over 375 practice test questions in this book:
CompTIA Security+: Get Certified Get Ahead: SY0-201 Study Guide
Answer: D. The first step in response to an incident is to contain or isolate the problem. This can often be done by simply pulling the cable on the NIC. Notification should be done after containment, but policy would often dictate the notification of someone on an incident response team. Ensuring that a system has antivirus software and updating its signature files are good steps to take, but not as a first step after an infection. You'd still want to contain the problem to a single system before installing the software and updating definitions.
This question is related to objective:
6.3 Differentiate between and execute appropriate incident response procedures.
- Damage and loss control