CompTIA CySA+ (CS0-002) — Question 172
A network attack that is exploiting a vulnerability in SNMP is detected. Which of the following should the cybersecurity analyst do FIRST?
Answer options
- A. Apply the required patches to remediate the vulnerability
- B. Escalate the incident to the senior management team for guidance
- C. Disable all privileged user accounts on the network
- D. Temporarily block the attacking IP address
Correct answer: D
Explanation
The correct action is to temporarily block the attacking IP address to prevent further exploitation of the vulnerability. Applying patches, escalating the incident, or disabling user accounts are important but should follow the immediate step of stopping the attack to mitigate damage.