🔥 3-day streak
Professional Security Operations Engineer117 / 241
Question 117 of 241

During a confirmed compromise of a Compute Engine VM, a SecOps SOAR playbook has already isolated the instance and killed the malicious cron-based backdoor process. Before the playbook transitions the case to the recovery/restore phase, the incident response lead wants to ensure the threat is fully eradicated and will not reactivate. Which action should the playbook perform next to best support this goal?

Reviewed for accuracy · Report an issueNext question