🔥 3-day streak
CompTIA SecurityX (CAS-005)49 / 120
Question 49 of 120
During an active incident, a SecurityX analyst confirms that a threat actor has compromised a domain-joined workstation and is using stolen Kerberos tickets to authenticate laterally to file servers. The finance department is actively closing quarter-end books and their file share resides on one of the targeted servers. Leadership has authorized aggressive containment but wants business disruption minimized. Which containment action BEST limits lateral movement while preserving evidence and critical business function?
Reviewed for accuracy · Report an issueNext question