Free CompTIA Security+ SY0-701 Practice Question

An organization has experienced a security incident involving an advanced persistent threat (APT) that has bypassed existing security controls and established a foothold on the network. As part of the incident response activities, what is the MOST appropriate immediate action to take once the threat is confirmed?

  • Isolate the affected systems from the network to prevent the APT from further establishing its presence or causing additional damage.

  • Immediately shutdown the entire network to eradicate the APT's foothold and start the recovery process.

  • Begin forensic analysis on all systems to understand all the methods the APT used to infiltrate the network.

  • Start documenting the incident details for the after-action report and notify external stakeholders.

This question's topic:
CompTIA Security+ SY0-701 / 
Security Operations
Your Score:

Check or uncheck an objective to set which questions you will receive.