CS0-003
Incident Response Management
hard
Question 3 of 20

A large organization experiences a ransomware outbreak affecting 40% of its endpoints. The CISO asks the incident response team lead what the immediate priority is after initial detection. What should the team lead recommend?

AIsolate affected endpoints from the network immediately to contain spread, then begin parallel eradication and forensic analysis
BPay the ransom immediately to restore operations as quickly as possible
CWait for all systems to be encrypted before taking action to gather more evidence
DShut down all network infrastructure including unaffected systems

More Incident Response Management Questions

20 questions

Full CompTIA CySA+ Practice Test

All topics covered

All CompTIA CySA+ Questions

Browse by topic

Related Questions

Which phase of the incident response lifecycle involves identifying and limiting the spread of an ac...

easy

What is the purpose of a tabletop exercise in incident response?...

easy

What does the MITRE ATT&CK framework's 'Kill Chain' concept describe in the context of incident resp...

easy

During an incident investigation, a forensic analyst needs to collect volatile data from a compromis...

medium

An incident has been detected where an attacker accessed an administrative account using stolen cred...

medium
View all Incident Response Management questions

Educational Content — CertQnA practice questions are written against official exam objectives, covering the same domains tested on the real exam. All content is original and independent — not actual exam questions, not affiliated with any certification vendor. Learn more about our content policy

Discussion

Be the first to share your understanding of this concept

⚠️ Discussion is for concept clarification only. Do not share or request actual exam questions or answers.

Sign in to join the discussion

Sign InCreate free account