Implementing and Operating Cisco Security Core Technologies (SCOR) — Question 535
A network administrator has installed Secure Endpoint in the network. During setup, it was noticed that an endpoint has been exhibiting unusual behavior, including slow performance and unexpected network activity. The administrator discovers a suspicious file named abc0467145535.exe running in the background. Which step must the network administrator take to investigate and remediate the potential malware?
Answer options
- A. Isolate the endpoint from the network.
- B. Reset the endpoint password and enable multi-factor authentication.
- C. Format and reinstall the operating system on the endpoint.
- D. Disable all non-essential processes running on the endpoint.
Correct answer: A
Explanation
The correct answer is A, as isolating the endpoint from the network prevents potential malware from spreading and allows for a safe investigation. Options B and D do not directly address the immediate threat posed by the suspicious file, while C, although a potential solution, is a more drastic measure that may not be necessary at this stage of the investigation.