Which of the following actions should be taken when an online trading company discovers a
network attack in progress?
A.
Shut off all network access points
B.
Dump all event logs to removable media
C.
Isolate the affected network segment
D.
Enable trace logging on all event
Explanation:
Isolating the affected network segment will mitigate the immediate threat while allowing unaffected
portions of the business to continue processing. Shutting off all network access points would
create a denial of service that could result in loss of revenue. Dumping event logs and enabling
trace logging, while perhaps useful, would not mitigate the immediate threat posed by the network
attack.