Free CompTIA CySA+ CS0-003 Practice Question

After a security breach, an analyst determines that several endpoints have been compromised with persistent malware. Isolation procedures have been completed, and the decision has been made to re-image the affected systems to a known good state. Prior to the re-imaging process, which of the following steps is MOST important to perform to maintain the integrity of the incident response process?

  • Immediately disconnecting the affected systems from all networks

  • Ensuring a complete backup of the system has been created

  • Re-configuring the endpoint protection on the systems to prevent future infections

  • Deploying patches to all other systems in the network to prevent spread

This question's topic: CompTIA CySA+ CS0-003 / Incident Response and Management