CISSP Practice Question – Incident Response (Hard)
During a security investigation, the incident response team discovers that an attacker has gained persistent access to a critical application server. The attacker appears to be moving laterally inside the network, but the system also supports customer transactions in real time.
What is the MOST important action for the incident response team to take FIRST?
A. Contain the compromised server to prevent further lateral movement while maintaining business continuity.
B. Notify senior management and legal counsel to prepare for potential disclosure obligations.
C. Shut down the compromised server immediately to stop the attacker from exfiltrating additional data.
D. Begin collecting forensic images of the server for evidence preservation.
Vincent Primiani
CISSP Study Group
skool.com/cybersecurity-study-group