CertNexus Certified Cyber Secure Coder (CSC) — Question 28

An incident handler is assigned to initiate an incident response for a complex network that has been affected by malware. Which of the following actions should be taken FIRST?

Answer options

• A. Make an incident response plan.
• B. Prepare incident response tools.
• C. Isolate devices from the network.
• D. Capture network traffic for analysis.

Correct answer: D

Explanation

The first action should be to capture network traffic for analysis to understand the scope and nature of the malware attack. Making an incident response plan, preparing tools, or isolating devices may be necessary later but do not provide immediate insight into the ongoing incident like capturing traffic does.