CompTIA Security+ SY0-601 – Question422

A systems engineer thinks a business system has been compromised and is being used to exfiltrate data to a
competitor. The engineer contacts the CSIRT. The CSIRT tells the engineer to immediately disconnect the
network cable and to not do anything else. Which of the following is the most likely reason for this request?


A.
The CSIRT thinks an insider threat is attacking the network.
B. Outages of business-critical systems cost too much money.
C. The CSIRT does not consider the systems engineer to be trustworthy.
D. Memory contents, including fileless malware, are lost when the power is turned off.

Correct Answer: D