During an incident response, your team has detected a compromised system that is a part of the network. Which of the following actions is the BEST initial containment strategy to minimize the spread of an attack while preserving the state of the system for further investigation?
Rebooting the system to remove the attack components
Isolating the affected system from the network
Changing all user passwords immediately
Applying all missing patches to the affected system
|Threats, Vulnerabilities, and Mitigations
|Security Program Management and Oversight
|General Security Concepts