CompTIA CySA+ CS0-003 Practice Question
After a security breach, an analyst determines that several endpoints have been compromised with persistent malware. Isolation procedures have been completed, and the decision has been made to re-image the affected systems to a known good state. Prior to the re-imaging process, which of the following steps is MOST important to perform to maintain the integrity of the incident response process?
Ensuring a complete backup of the system has been created
Deploying patches to all other systems in the network to prevent spread
Re-configuring the endpoint protection on the systems to prevent future infections
Immediately disconnecting the affected systems from all networks