CompTIA CASP+ (CAS-004) — Question 91

A user from the sales department opened a suspicious file attachment. The sales department then contacted the SOC to investigate a number of unresponsive systems, and the team successfully identified the file and the origin of the attack.
Which of the following is the NEXT step of the incident response plan?

Answer options

• A. Remediation
• B. Containment
• C. Response
• D. Recovery

Correct answer: B

Explanation

The next step in the incident response plan should be containment, as it involves preventing the incident from spreading further. Remediation, response, and recovery are important steps, but they typically follow containment, which aims to limit the impact of the attack.