CISSP Practice Question – Incident Response
During normal monitoring, the SOC identifies unusual outbound traffic from a critical database server. Initial analysis suggests the data may be exfiltrating to an external IP address.
What should the incident response team do FIRST?
A. Shut down the database server immediately to stop the data leak.
B. Escalate to senior management and legal counsel for notification decisions.
C. Collect volatile system memory and network session data from the affected server.
D. Contact law enforcement to report the potential breach.
Vincent Primiani
CISSP Study Group
skool.com/cybersecurity-study-group