🔥 3-day streak
Professional Security Operations Engineer118 / 241
Question 118 of 241
A SecOps team contained a compromised Compute Engine VM after a cryptominer infection. The SOAR playbook isolated the instance, snapshotted the disk for forensics, and revoked the attacker's persistence via a malicious cron job. During the post-incident review, the analyst notes that three other VMs in the same project were rebuilt from the same golden image that contained the vulnerable package the attacker exploited. What is the MOST effective post-incident corrective action to prevent recurrence across the environment?
Reviewed for accuracy · Report an issueNext question