CS0-003 Security Operations • Set 7
CS0-003 Security Operations Practice Test 7 — 15 questions with explanations. Free, no signup.
An endpoint is actively beaconing to a known malicious IP and spawning credential-dumping tools. The business owner wants evidence preserved. What is the BEST containment action? In the alert triage phase, which action gives the analyst the clearest next triage step?