Free CompTIA Security+ SY0-701 Practice Question

During an incident response, an organization has identified an infected workstation that is part of a botnet and is communicating with external command and control servers. What is the BEST immediate action to contain this threat?

  • Perform a vulnerability scan to identify the infected workstation

  • Change access controls on the infected workstation

  • Capture network traffic to analyze the communication with the command and control servers

  • Isolate the infected workstation from the network

This question's topic:
CompTIA Security+ SY0-701 / 
Security Operations
Your Score:

Check or uncheck an objective to set which questions you will receive.