During a security incident, an IaaS compute instance is detected sending traffic to a host related to cryptocurrency mining. The security analyst handling the incident determines the scope of the incident is limited to that particular instance. Which of the following should the security analyst do NEXT?
Correct Answer: A
Explanation: The first step in incident response is to contain the incident activities and attackers, which means preventing them from spreading to other systems or causing more damage. In this case, the security analyst should isolate the instance from the network into quarantine, which means cutting off its communication with other hosts and services. This will stop the cryptocurrency mining activity and prevent the attacker from accessing the instance remotely. Isolating the instance also preserves the evidence for further analysis and investigation.