CompTIA CySA+ CS0-003 Practice Question
During a routine security audit, your team discovers multiple instances of unauthorized access attempts on a sensitive database. As the lead incident responder, what should be your first step according to a well-structured incident response plan?
Isolate the affected system.
Notify law enforcement.
Identify and validate the incident.
Inform upper management.