ISC2 CC • Practice Test 36
ISC2 CC practice test, Set 36: 15 questions with explanations.
You are a SOC analyst for a financial institution. At 2:00 AM, your SIEM generates a critical alert from the email security gateway indicating that an internal user received a phishing email with a malicious attachment. The email was delivered to the user's inbox, and the user's account activity logs show that the attachment was opened 10 minutes ago. The user is a junior accountant who works in the accounts payable department. You have access to endpoint detection tools, email logs, and network traffic data. The organization's incident response policy requires containment within 30 minutes of detection. Which action should you take FIRST?