CISSP Practice Question – Security Operations
A security analyst receives an alert that several internal hosts are communicating with a known command-and-control server. The intrusion detection system (IDS) flagged the activity, but business-critical processes are running on the affected systems.
What should the incident response team do FIRST?
A. Disconnect the affected systems from the network immediately.
B. Validate the IDS alert to confirm whether the activity is a true positive.
C. Notify senior management of a confirmed breach.
D. Begin forensic imaging of the affected systems.
Vincent Primiani
CISSP Study Group
skool.com/cybersecurity-study-group
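The validation step named in option B is the one part of this scenario that can be shown as code: before anyone pulls a cable on a business-critical host, the analyst checks the IDS hit against evidence the IDS did not produce. The script below is an added illustration for this practice question, not the poster's or the study group's code. Everything in it is constructed: the IDS alerts, the "current intel" list, the firewall flow-log format, the host addresses (RFC 5737 documentation ranges) and the 0.2 regularity threshold are all assumptions chosen for the example. It corroborates each alert with an independent flow log, checks whether the destination is still on the current indicator list, measures how evenly spaced the connections are (beaconing), and tags whether the host is business-critical so the containment decision is made with that fact in view rather than skipped because of it.

```python
"""Validate an IDS command-and-control alert against independent evidence.

Added illustration for the practice question above; not the group's or the
poster's code. All hosts, addresses, log lines and the intel list are
constructed for the example (RFC 5737 documentation ranges), not real data.
"""
from datetime import datetime
from statistics import pstdev

# Constructed threat-intel feed: C2 addresses that are *currently* listed.
KNOWN_C2 = {"203.0.113.45"}

# Constructed list of hosts the business has tagged as critical (informs
# containment timing, not whether the alert is real).
CRITICAL_HOSTS = {"10.0.5.21"}

# Constructed IDS alerts: the signature fired, but nothing here is confirmed yet.
IDS_ALERTS = [
    {"host": "10.0.5.21", "dst": "203.0.113.45", "sig": "KNOWN C2 CHECKIN"},
    {"host": "10.0.5.22", "dst": "198.51.100.7", "sig": "KNOWN C2 CHECKIN"},
    {"host": "10.0.5.23", "dst": "203.0.113.45", "sig": "KNOWN C2 CHECKIN"},
]

# Constructed firewall flow log (a source independent of the IDS):
# timestamp src dst dport bytes
FLOW_LOG = """\
2024-05-01T10:00:00Z 10.0.5.21 203.0.113.45 443 512
2024-05-01T10:05:00Z 10.0.5.21 203.0.113.45 443 498
2024-05-01T10:10:00Z 10.0.5.21 203.0.113.45 443 530
2024-05-01T10:15:00Z 10.0.5.21 203.0.113.45 443 505
2024-05-01T10:01:00Z 10.0.5.22 198.51.100.7 443 601
2024-05-01T10:06:00Z 10.0.5.22 198.51.100.7 443 588
2024-05-01T10:11:00Z 10.0.5.22 198.51.100.7 443 610
2024-05-01T10:16:00Z 10.0.5.22 198.51.100.7 443 595
2024-05-01T10:02:30Z 10.0.5.22 198.51.100.9 80 20480
"""


def parse_flows(text):
    """Parse the constructed flow-log format into dicts with datetime timestamps."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, nbytes = line.split()
        flows.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "src": src, "dst": dst, "dport": int(dport), "bytes": int(nbytes),
        })
    return flows


def beacon_cv(timestamps):
    """Coefficient of variation of the gaps between successive connections.

    Values near 0 mean evenly spaced callbacks (beacon-like). Returns None for
    fewer than three connections, since two points cannot show regularity.
    """
    if len(timestamps) < 3:
        return None
    ordered = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ordered, ordered[1:])]
    mean = sum(gaps) / len(gaps)
    return pstdev(gaps) / mean if mean > 0 else None


def validate_alert(alert, flows, intel, critical_hosts, beacon_threshold=0.2):
    """Classify one IDS alert using evidence the IDS itself did not produce."""
    matching = [f for f in flows if f["src"] == alert["host"] and f["dst"] == alert["dst"]]
    in_intel = alert["dst"] in intel
    cv = beacon_cv([f["ts"] for f in matching])
    beaconing = cv is not None and cv < beacon_threshold  # 0.2 is an assumed cutoff

    if matching and in_intel:
        verdict = "true_positive"      # independent flows to a currently listed C2
    elif matching and beaconing:
        verdict = "escalate"           # regular callbacks to a host intel does not list
    else:
        verdict = "uncorroborated"     # only the IDS saw it, or the traffic looks ad hoc

    return {
        "host": alert["host"],
        "dst": alert["dst"],
        "verdict": verdict,
        "corroborating_flows": len(matching),
        "in_current_intel": in_intel,
        "beacon_cv": cv,
        "business_critical": alert["host"] in critical_hosts,
    }


def triage(alerts, flow_text, intel, critical_hosts):
    """Validate every alert; confirmed ones first so containment planning starts there."""
    flows = parse_flows(flow_text)
    order = {"true_positive": 0, "escalate": 1, "uncorroborated": 2}
    results = [validate_alert(a, flows, intel, critical_hosts) for a in alerts]
    return sorted(results, key=lambda r: order[r["verdict"]])


if __name__ == "__main__":
    for r in triage(IDS_ALERTS, FLOW_LOG, KNOWN_C2, CRITICAL_HOSTS):
        print(f"{r['host']:<11} -> {r['dst']:<14} {r['verdict']:<14} "
              f"flows={r['corroborating_flows']} intel={r['in_current_intel']} "
              f"cv={r['beacon_cv']} critical={r['business_critical']}")
```

With the constructed data, 10.0.5.21 comes back as a true positive on a business-critical host (four evenly spaced connections to a listed C2), 10.0.5.22 is escalated because it beacons at a fixed interval to an address the current feed does not list (stale signature or new infrastructure), and 10.0.5.23 stays uncorroborated because no source other than the IDS saw the traffic. Only after that output exists does the team have grounds to choose between isolating a host, imaging it, or informing management of a confirmed breach.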