🔥 3-day streak
CompTIA CySA+ (CS0-003)13 / 147
Question 13 of 147

During the analysis phase of an incident, a SOC analyst confirms a workstation is infected with credential-harvesting malware. Before recommending containment actions, the incident lead insists the team first determine which other systems the compromised account accessed, what data was reachable, and whether the malware spread laterally. Which incident response activity is the lead prioritizing?

Reviewed for accuracy · Report an issueNext question