Ask Question
17 June, 10:41

Scenario: An organization has an incident response plan that requires reporting incidents after verifying them. For security purposes, the organization has not published the plan. Only members of the incident response team know about the plan and its contents. Recently, a server administrator noticed that a web server he manages was running slower than normal. After a quick investigation, he realized an attack was coming from a specific IP address. He immediately rebooted the web server to reset the connection and stop the attack. He then used a utility he found on the Internet to launch a protracted attack against this IP address for several hours. Because attacks from this IP address stopped, he didn't report the incident.

What should have been done before rebooting the web server? A. Review the incidentB. Perform remediation stepsC. Take recovery stepsD. Gather evidence

+1
Answers (1)
  1. 17 June, 10:52
    0
    D, gather evidence, it's obvious he should have reported the problem which as many evidence possibly found, instead decides to reboot the server.
Know the Answer?
Not Sure About the Answer?
Get an answer to your question ✅ “Scenario: An organization has an incident response plan that requires reporting incidents after verifying them. For security purposes, the ...” in 📙 Computers & Technology if there is no answer or all answers are wrong, use a search bar and try to find the answer among similar questions.
Search for Other Answers