Sophos Certified Engineer Practice Exam

Question: 1 / 400

What can be done to isolate a computer involved in a security incident?

Quarantine the device from the network

Quarantining the device from the network is an essential step in isolating a computer involved in a security incident. This action prevents the compromised system from communicating with other devices or users on the network, which contains the potential spread of malware and limits further data exposure. With the device isolated, security teams can carry out analysis and remediation without putting additional systems at risk.

In contrast, deleting all files on the device may destroy important forensic evidence that could be critical to understanding the nature and extent of the security incident. Changing user permissions could reduce the risk of further unauthorized access, but it does not isolate the device itself. Conducting a risk assessment is a valuable step in the overall incident response process, but it does not achieve the immediate goal of isolating the affected system from the network. Quarantining the device is therefore the most effective option for immediate isolation in response to a security incident.


Delete all files on the device

Change user permissions

Conduct a risk assessment
