To secure the scene, which of the followings actions should you perform?

You are the first to arrive at a crime scene in which a hacker is accessing unauthorized data on a file server from across the network. To secure the scene, which of the followings actions should you perform?

You are the first to arrive at a crime scene in which a hacker is accessing unauthorized data on a file server from across the network. To secure the scene, which of the followings actions should you perform?

A.
Prevent members of the organization from entering the server room.

B.
Prevent members of the incident response team from entering the server room.

C.
Shut down the server to prevent the user from accessing further data

D.
Detach the network cable from the server to prevent the user from accessing further data.

Explanation:
Answer A is correct to stop anyone from corrupting the evidence.
Answer B is incorrect, because you would want the incident response team there.
Answer C is incorrect, because that would corrupt any evidence that is stored in RAM.
Answer D is correct to stop all activity to the hacker.



Leave a Reply 0

Your email address will not be published. Required fields are marked *