
Free CompTIA Security+ SY0-701 Practice Question

An organization has experienced a security incident involving an advanced persistent threat (APT) that has bypassed existing security controls and established a foothold on the network. As part of the incident response activities, what is the MOST appropriate immediate action to take once the threat is confirmed?

  • Isolate the affected systems from the network to prevent the APT from further establishing its presence or causing additional damage.

  • Immediately shut down the entire network to eradicate the APT's foothold and start the recovery process.

  • Begin forensic analysis on all systems to understand all the methods the APT used to infiltrate the network.

  • Start documenting the incident details for the after-action report and notify external stakeholders.

This question is for objective: Security Operations