CompTIA
CS0-003 · Question #364
CS0-003 Question #364: Real Exam Question with Answer & Explanation
The correct answer is C: Containment. After detecting a compromised email server and unusual network traffic, the next step in incident response is containment, to prevent further damage or spread of the compromise.
Submitted by ngozi_ng · Mar 6, 2026 · Incident Response and Management
Question
A security analyst detects an email server that had been compromised in the internal network. Users have been reporting strange messages in their email inboxes and unusual network traffic. Which of the following incident response steps should be performed next?
Options
- A. Preparation
- B. Validation
- C. Containment
- D. Eradication
Explanation
After detecting a compromised email server and unusual network traffic, the next step in incident response is containment, to prevent further damage or spread of the compromise.
Topics
#incident response · #containment · #IR lifecycle