Ask Question
21 August, 00:21

A systems administrator has isolated an infected system from the network and terminated the

malicious process from executing. Which of the following should the administrator do NEXT according to

the incident response process?

A) Restore lost data from a backup.

B) Wipe the system.

C) Document the lessons learned.

D) Determine the scope of impact.

+3
Answers (1)
  1. 21 August, 02:45
    0
    Answer: A) Restore lost data from a backup.

    Explanation:

    Here we are given a situation where the infected system has been isolated from the network by the system administrator and has also prevented the malicious process from executing. As the infected system already contains some of the important files and documents along with the malicious item therefore it is always necessary to restore the data which has been lost. As we have a backup in the form of a system database so we can restore all the required system files from the backup as the malicious item might have also affected the files in the system therefore option A is correct.

    Option B is incorrect as wiping up of the system would lead to severe problems in regard to the files and documents.

    Both option C and D are incorrect as these needs to be done in later stages of the incident response process.
Know the Answer?
Not Sure About the Answer?
Get an answer to your question ✅ “A systems administrator has isolated an infected system from the network and terminated the malicious process from executing. Which of the ...” in 📙 Computers & Technology if there is no answer or all answers are wrong, use a search bar and try to find the answer among similar questions.
Search for Other Answers