CompTIA CySA+ CS0-003 Practice Question
An organization's IT department has noticed an unusual increase in outbound network traffic and activity from several user accounts originating from a single IP address. Which of the following would be the MOST appropriate action to perform FIRST in order to begin the incident response process?
Contact law enforcement to report an ongoing cyberattack and seek guidance
Gather all relevant logs and artifacts related to the abnormal activity and ensure they are securely stored
Immediately isolate the affected systems from the network to prevent further unauthorized access
Shut down the organization's internet connection to stop the outflow of data