CompTIA Security+ SY0-701 Practice Question

An organization has experienced a security incident involving an advanced persistent threat (APT) that has bypassed existing security controls and established a foothold on the network. As part of the incident response activities, what is the MOST appropriate immediate action to take once the threat is confirmed?

  • Immediately shut down the entire network to eradicate the APT's foothold and start the recovery process.

  • Isolate the affected systems from the network to prevent the APT from further establishing its presence or causing additional damage.

  • Begin forensic analysis on all systems to understand all the methods the APT used to infiltrate the network.

  • Start documenting the incident details for the after-action report and notify external stakeholders.

CompTIA Security+ SY0-701
Security Operations