Incident Response Process: Re-enabling Network Shares


Question

Multiple employees receive an email with a malicious attachment that begins to encrypt their hard drives and mapped shares on their devices when it is opened.

The network and security teams perform the following actions:

-> Shut down all network shares.

-> Run an email search identifying all employees who received the malicious message.

-> Reimage all devices belonging to users who opened the attachment.

Next, the teams want to re-enable the network shares.

Which of the following BEST describes this phase of the incident response process?

Answers

Explanations

A. B. C. D.

C.

The phase of the incident response process described in the scenario is Recovery.

Recovery is the phase of incident response that involves restoring systems and processes to their normal operational state after an incident has occurred. The goal of this phase is to minimize the damage caused by the incident and restore normal business operations as quickly as possible.

In the given scenario, the network and security teams have already taken the necessary steps to contain the incident by shutting down all network shares and identifying all employees who received the malicious message. The teams then reimaged all devices belonging to users who opened the attachment to remove the malware and any other potential threats.

The final step in this incident response process is to re-enable the network shares, which is a part of the recovery phase. By re-enabling the network shares, the network and security teams are working to restore normal business operations and minimize the impact of the incident on the organization.

To summarize, the phase of the incident response process described in the scenario is Recovery, which involves restoring systems and processes to their normal operational state after an incident has occurred.