
Free CompTIA CySA+ CS0-003 Practice Question

During the monitoring phase, an anomaly is detected in the network traffic pattern indicating potential exfiltration of sensitive data. The security analyst observes a consistent high volume of outbound traffic heading to an unusual external IP address. What should the analyst do FIRST in accordance with incident declaration and escalation practices?

  • Draft an executive summary of the event to be distributed to all employees to ensure company-wide awareness.

  • Contact law enforcement for immediate investigation before taking any internal response measures.

  • Immediately disconnect the network to prevent further potential data loss without validating the incident.

  • Follow the organizational incident response plan to determine if the observed activity meets the criteria for incident declaration and escalate as required.

This question is for objective: Reporting and Communication