🎖️🏵️ Memorial Weekend Sale — 30% off🏵️🎖️

1 day, 1 hour remaining!
CompTIA Study Materials
AWS Study Materials
AWS Certified Developer Associate AWS Certified Developer Associate
AWS Certified Developer Associate DVA-C02
AWS Certified Solutions Architect Associate AWS Certified Solutions Architect Associate
AWS Certified Solutions Architect Associate SAA-C03
AWS Cloud Practitioner AWS Cloud Practitioner
AWS Cloud Practitioner CLF-C02
Microsoft Study Materials
Microsoft Azure Fundamentals Microsoft Azure Fundamentals
Microsoft Azure Fundamentals AZ-900

Free CompTIA CySA+ CS0-003 Practice Question

After a security breach was identified in a company's financial system, a cybersecurity analyst has been tasked with conducting a forensic analysis of the compromised server. Which of the following actions is the MOST important initial step the analyst should take to ensure the integrity of the forensic investigation?

  • Reboot the server to analyze its behavior during startup for potential anomalies.

  • Immediately disconnect the server from the network to prevent further access.

  • Utilize write blockers when making a forensic copy of the storage media.

  • Begin analyzing the most recently modified files for evidence of the intrusion.

This question is for objective:
Incident Response and Management
Your Score:
Incident Response and Management
Security Operations
Vulnerability Management
Reporting and Communication