🔥 3-day streak
Professional Security Operations Engineer119 / 241
Question 119 of 241

During response to a malware incident, a Google SecOps SOAR playbook has already isolated the affected host and removed the malicious binary. Before the playbook advances to the case-closure step, the responding engineer notices that the same file hash was written to a network file share that three other hosts mount. What is the MOST appropriate action to build into the playbook at this stage to prevent premature closure?

Reviewed for accuracy · Report an issueNext question