Practice Question!
A large financial institution discovers unusual network traffic patterns at 2 AM. Initial investigation reveals encrypted data being transferred from a server containing customer financial records to an unknown external IP address. The CISO is immediately notified. System logs indicate that the suspicious activity originated from a privileged account belonging to a recently terminated system administrator. The account was supposed to have been disabled during off-boarding last week. What should be the FIRST priority for the incident response team?
A) Terminate all external network connections to prevent further data exfiltration
B) Preserve system logs and begin collecting forensic evidence
C) Disable the compromised administrative account
D) Notify law enforcement and affected customers about the potential breach
Vincent Primiani
CISSP Study Group
skool.com/cissp