Which of the following should be performed FIRST to han

Prev Question
Next Question

A web server is attacked and compromised. Which of the following should be performed FIRST to
handle the incident?

A.
Dump the volatile storage data to a disk.

B.
Run the server in a fail-safe mode.

C.
Disconnect the web server from the network.

D.
Shut down the web server.

Explanation:
The first action is to disconnect the web server from the network to contain the damage and prevent
more actions by the attacker. Dumping the volatile storage data to a disk may be used at the
investigation stage but does not contain an attack in progress. To run the server in a fail-safe mode,
the server needs to be shut down. Shutting down the server could potentially erase information that
might be needed for a forensic investigation or to develop a strategy to prevent future similar attacks.

Prev Question
Next Question

Leave a Reply

Your email address will not be published. Required fields are marked *