Free CompTIA CySA+ CS0-003 Practice Question

Upon concluding the containment and eradication of a sophisticated network intrusion, your team is moving into the recovery and post-incident phases. Identifying priority actions is key to enhancing resilience against future attacks. Which of the following actions is paramount for the organization to perform immediately after restoring services?

  • Running an immediate full-scale audit on all security systems to check for remaining threats

  • Convening the board of directors to explain the technical details of the attack vector and its mitigation

  • Urgently updating all endpoint protection platforms across the enterprise network

  • Initiating a lessons learned session with key response team members to evaluate the incident response effectiveness and outline improvement strategies

  • Revising the organization's firewall and network perimeter policies based on the specific attack vectors that were exploited

  • Implementing new sandboxing techniques for email attachments to prevent similar malware infections

This question's topic:
CompTIA CySA+ CS0-003 / 
Incident Response and Management
Your Score:

Check or uncheck an objective to set which questions you will receive.