CompTIA Cloud+ (CV0-003) — Question 160
In an IaaS platform, which of the following actions would a systems administrator take FIRST to identify the scope of an incident?
Answer options
- A. Conduct a memory acquisition.
- B. Snapshot all volumes attached to an instance.
- C. Retrieve data from a backup.
- D. Perform a traffic capture.
Correct answer: D
Explanation
Performing a traffic capture is essential because it lets the administrator analyze network activity and identify suspicious behavior or anomalies related to the incident. The other options, while important in their own contexts, do not give the immediate insight into the scope of an ongoing incident that traffic analysis can.