medium
Single Answer
0Leonidas is responsible for forensic investigations and is investigating a medium-severity security incident that involved the defacement of a corporate website. The web server in question ran on a virtualization platform, and the marketing team would like to get the website up and running as quickly as possible. What would be the most reasonable next step for Leonidas to take?
Answer Options
A
Keep the website offline until the investigation is complete.
B
Take the virtualization platform offline as evidence.
C
Take a snapshot of the compromised system and use that for the investigation.
D
Ignore the incident and focus on quickly restoring the website.
Correct Answer: C
Explanation
Leonidas should conduct his investigation, but there is a pressing business need to bring the website back online. The most reasonable course of action would be to take a snapshot of the compromised system and use the snapshot for the investigation, restoring the website to operation as quickly as possible while using the results of the investigation to improve security.