CompTIA Cloud+ CV0-003 Practice Question
A cloud engineer is responding to a security breach in which sensitive company data was exfiltrated. In order to facilitate a thorough investigation, what is the most appropriate initial step for acquiring evidence related to the incident?
Copying log files to a USB drive for analysis
Immediately isolating the network segment containing the affected systems
Rebooting systems to check if the breach persists
Creating a forensic image of affected systems