Sophos Certified Engineer Practice Exam

Disable ads (and more) with a membership for a one time $4.99 payment

Prepare for the Sophos Certified Engineer Test. Study with flashcards and multiple-choice questions, each with hints and explanations. Get ready for your exam!

Start Multiple Choice Practice Test
Start Flash Cards

Practice this question and more.

When a malicious file is detected on an endpoint, which action prevents lateral movement through the network?

  1. Delete the malicious file

  2. Inform affected users

  3. Isolate the computer

  4. Run a full system scan

The correct answer is: Isolate the computer

Isolating the computer is a crucial action when dealing with a detected malicious file on an endpoint. This step effectively prevents lateral movement through the network, which is the ability of malware to spread from one machine to others. By isolating the affected endpoint, the network connection is severed, thereby stopping any potential communication or further infection spreading to other devices within the network. This action also gives security teams the opportunity to analyze the situation without the risk of the malicious activity escalating or propagating. It allows for a controlled environment to investigate the extent of the issue and take necessary steps for remediation, reducing the overall risk to the network. In contrast, deleting the malicious file might remove the immediate threat but does not prevent the malware from impacting other systems, especially if it’s still active on the network. Informing affected users, while important for awareness and preparedness, does not directly mitigate the risk of further spread. Running a full system scan can help in identifying other threats that may be present but does not actively prevent lateral movement once a malicious file has already been detected.

More Questions Like This