🔥 3-day streak
CompTIA CySA+ (CS0-003)48 / 147
Question 48 of 147
Two weeks after an incident response team completed the recovery phase for a ransomware event and formally closed the incident, the SOC detects the same malware family callback traffic from a different subnet that was previously believed unaffected. According to the incident response lifecycle, what is the MOST appropriate action for the team to take?
Reviewed for accuracy · Report an issueNext question