Certified SOC Analyst (CSA) — Question 43
Bonney's system has been compromised by a gruesome malware.
What is the primary step Bonney should take to contain the malware incident and keep it from spreading?
Answer options
- A. Complaint to police in a formal way regarding the incident
- B. Turn off the infected machine
- C. Leave it to the network administrators to handle
- D. Call the legal department in the organization and inform about the incident
Correct answer: B
Explanation
The best immediate action to contain a malware incident is to turn off the infected machine, as this prevents further spread of the malware within the network. Filing a police report, notifying the legal department, or leaving the situation to network administrators does not address the urgent need to stop the malware from propagating.