CompTIA
CS0-003 · Question #132
CS0-003 Question #132: Real Exam Question with Answer & Explanation
The correct answer is D: Isolate the container from production using a predefined policy template. First isolate to prevent further damage, then analyse root cause.
Submitted by anna_se · Mar 6, 2026 · Incident Response and Management
Question
An analyst is responding to an incident within a cloud infrastructure. Based on the logs and traffic analysis, the analyst thinks a container has been compromised. Which of the following should the analyst do FIRST?
Options
- A. Perform threat hunting in other areas of the cloud infrastructure
- B. Contact law enforcement to report the incident
- C. Perform a root cause analysis on the container and the service logs
- D. Isolate the container from production using a predefined policy template
Explanation
First isolate to prevent further damage, then analyse root cause.
Topics
#incident response #containment #cloud security #container security