CompTIA Study Materials
AWS Study Materials
AWS Cloud Practitioner AWS Cloud Practitioner
AWS Cloud Practitioner CLF-C02
Microsoft Study Materials
Microsoft Azure Fundamentals Microsoft Azure Fundamentals
Microsoft Azure Fundamentals AZ-900

Free CompTIA CySA+ CS0-003 Practice Question

During an active incident response, an analyst has identified a server that has been compromised by malware. The server is part of a clustered database that includes real-time replication to other nodes. To prevent the spread of the malware, which of the following is the BEST course of action to isolate the compromised server while maintaining the highest degree of operational availability?

  • Start re-imaging the affected server to remove the malware.

  • Implement a rule on the firewall to block all traffic from the affected server.

  • Shut down the affected server immediately.

  • Disconnect the affected server's network connection.

This question is for objective:
Incident Response and Management
Your Score:
Incident Response and Management
Security Operations
Vulnerability Management
Reporting and Communication