Performing CyberOps Using Cisco Security Technologies (CBRCOR) — Question 7

The incident response team receives information about the abnormal behavior of a host. A malicious file is found being executed from an external USB flash drive.
The team collects and documents all the necessary evidence from the computing resource. What is the next step?

Answer options

• A. Conduct a risk assessment of systems and applications
• B. Isolate the infected host from the rest of the subnet
• C. Install malware prevention software on the host
• D. Analyze network traffic on the host's subnet

Correct answer: B

Explanation

The correct step is to isolate the infected host from the rest of the subnet to prevent further spread of the malware and protect other systems. Conducting a risk assessment, installing malware prevention software, or analyzing network traffic can be done later, but isolation is critical to contain the threat immediately.