The security administrator is receiving numerous alerts from the internal IDS of a possible
Conficker infection spreading through the network via the Windows file sharing services. Given the
size of the company which deploys over 20,000 workstations and 1,000 servers, the security
engineer believes that the best course of action is to block the file sharing service across the
organization by placing ACLs on the internal routers.
Which of the following should the security administrator do before applying the ACL?
A.
Quickly research best practices with respect to stopping Conficker infections and implement the
solution.
B.
Consult with the rest of the security team and get approval on the solution by all the team
members and the team manager.
C.
Apply the ACL immediately since this is an emergency that could lead to a widespread data
compromise.
D.
Call an emergency change management meeting to ensure the ACL will not impact core
business functions.