Crucial Exams

CompTIA CySA+ CS0-003 Practice Question

After a security breach was identified in a company's financial system, a cybersecurity analyst has been tasked with conducting a forensic analysis of the compromised server. Which of the following actions is the MOST important initial step the analyst should take to ensure the integrity of the forensic investigation?

  • Immediately disconnect the server from the network to prevent further access.

  • Reboot the server to analyze its behavior during startup for potential anomalies.

  • Begin analyzing the most recently modified files for evidence of the intrusion.

  • Utilize write blockers when making a forensic copy of the storage media.

CompTIA CySA+ CS0-003
Incident Response and Management
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
SAVE $49
CompTIA Cybersecurity Analyst Voucher (CySA+ CS0-003)
$404.00 $355.00
Bash, the Crucial Exams Chat Bot
AI Bot