🔥 3-day streak
Professional Cloud Security Engineer90 / 152
Question 90 of 152
Your security operations team receives a Security Command Center finding indicating a Compute Engine VM in a production project is communicating with a known cryptomining command-and-control endpoint. The incident response runbook requires that you preserve volatile and disk evidence for forensic analysis while immediately stopping the malicious outbound traffic, and you must minimize the risk of the attacker detecting your response. Which sequence of actions best meets these requirements?
Reviewed for accuracy · Report an issueNext question