CompTIA Security+ SY0-601 – Question067

An organization has activated an incident response plan due to a malware outbreak on its network. The
organization has brought in a forensics team that has identified an internet-facing Windows server as the likely
point of initial compromise. The malware family that was detected is known to be distributed by manually
logging on to servers and running the malicious code. Which of the following actions would be BEST to prevent
reinfection from the infection vector?


A. Prevent connections over TFTP from the internal network.
B. Create a firewall rule that blocks port 22 from the internet to the server.
C. Disable file sharing over port 445 to the server.
D. Block port 3389 inbound from untrusted networks.

Correct Answer: D