⚡Flash Sale: 33% off Annual Membership, limited time only!⚡

CompTIA Study Materials
AWS Study Materials
AWS Certified Developer Associate AWS Certified Developer Associate
AWS Certified Developer Associate DVA-C02
AWS Certified Solutions Architect Associate AWS Certified Solutions Architect Associate
AWS Certified Solutions Architect Associate SAA-C03
AWS Cloud Practitioner AWS Cloud Practitioner
AWS Cloud Practitioner CLF-C02
Microsoft Study Materials
Microsoft Azure Fundamentals Microsoft Azure Fundamentals
Microsoft Azure Fundamentals AZ-900

Free CompTIA Security+ SY0-601 Practice Question

During a cybersecurity incident, you suspect that an attacker has tampered with the memory contents of a compromised system to execute unauthorized actions. What is the most appropriate immediate action to preserve the current state of the system's memory for analysis?

  • Acquire a snapshot of the system's active memory.

  • Run a complete antivirus scan to remove any potential threats before capturing memory contents.

  • Power off the system to prevent any further damage or data loss.

  • Reboot the system in a safe mode and install system monitoring software.

This question's topic:
CompTIA Security+ SY0-601 / 
Operations and Incident Response
Your Score:
Operations and Incident Response
Attacks, Threats, and Vulnerabilities
Architecture and Design
Implementation
Governance, Risk, and Compliance