Which action best enforces containment by isolating a malware-infected host to prevent spread?

Multiple Choice

Which action best enforces containment by isolating a malware-infected host to prevent spread?

Explanation:
Containment in incident response is about isolating an infected system so that it cannot communicate with other devices, which slows or stops the malware’s spread and gives responders a chance to clean and restore systems.

Removing the compromised computer from the network achieves this most directly. Once the host is disconnected, the malware loses its means to propagate to other hosts, access other systems, or receive further commands, which stops the outbreak at its source and prevents new infections while you examine and remediate the machine.

The other options don’t isolate the infected host. Updating all software on the network is important for reducing vulnerabilities, but it doesn’t stop the currently infected machine from spreading the malware. Changing the router password affects access control but doesn’t remove the infected host from the network. Backing up data is about recovery and continuity and may even capture unclean data if the malware is still active; it doesn’t contain the spread.
