Free CompTIA CySA+ CS0-003 Practice Question

After a security breach was identified in a company's financial system, a cybersecurity analyst has been tasked with conducting a forensic analysis of the compromised server. Which of the following actions is the MOST important initial step the analyst should take to ensure the integrity of the forensic investigation?

  • Immediately disconnect the server from the network to prevent further access.

  • Reboot the server to analyze its behavior during startup for potential anomalies.

  • Begin analyzing the most recently modified files for evidence of the intrusion.

  • Utilize write blockers when making a forensic copy of the storage media.

This question's topic:
CompTIA CySA+ CS0-003 / 
Incident Response and Management
Your Score:

Check or uncheck an objective to set which questions you will receive.