An incident responder receives a call from a user who reports a computer is exhibiting symptoms consistent with a malware infection.
Which of the following steps should the responder perform NEXT?
A.
Capture and document necessary information to assist in the response.
B.
Request the user capture and provide a screenshot or recording of the symptoms.
C.
Use a remote desktop client to collect and analyze the malware in real time.
D.
Ask the user to back up files for later recovery.
Why would you use remote desktop client to analyze and document when the first thing you are supposed to do even with a suspected infection is isolate?
I think if any of these answers are possibly correct (since none of them mention isolation/quarantine), it would be A if you were an onsite responder and are able to already isolate and investigate.
a lot of these answers on here are wrong. The answer is A
The answer is A. Ive notice this site has a couple of the wrong answers.