CompTIA CySA+ CS0-003 Practice Question
During an incident response, what is the BEST method to isolate a compromised system to prevent lateral movement while maintaining evidence for analysis?
Disconnect the network interface card (NIC) from the network
Reimage the system to a known good state
Log off any users and wait for further instructions
Shut down the system to cut off all processes