CompTIA Security+ SY0-701 Practice Question
An organization has noticed an unusual amount of traffic to a legacy server. Upon investigation, it was discovered that a service account has been used to elevate permissions and install unauthorized software. Which of the following should be the FIRST step in the incident response process to handle this situation?
Containment
Preparation
Recovery
Eradication