Free CompTIA Security+ SY0-701 Practice Question

An organization has noticed an unusual amount of traffic to a legacy server. Upon investigation, it was discovered that a service account has been used to elevate permissions and install unauthorized software. Which of the following should be the FIRST step in the incident response process to handle this situation?

  • Containment

  • Preparation

  • Recovery

  • Eradication

This question's topic:
CompTIA Security+ SY0-701 / 
Security Operations
Your Score:

Check or uncheck an objective to set which questions you will receive.