An administrator has been informed that one of the systems on the corporate network has been
compromised. Which of the following steps should the administrator take NEXT to initiate proper
incident response?
A.
Take screen shots and copy logs from the affected machine, storing these in a secured
environment.
B.
Use MD5 on the system and backup the current image if the system is virtual.
C.
Isolate the device and perform a device wipe.
D.
Alert the incident response team and await further instruction on procedures.
Explanation: