CompTIA Cloud+ (CV0-003) — Question 217
Which of the following actions should a systems administrator perform during the containment phase of a security incident in the cloud?
Answer options
- A. Deploy a new instance using a known-good base image.
- B. Configure a firewall rule to block the traffic on the affected instance.
- C. Perform a forensic analysis of the affected instance.
- D. Conduct a tabletop exercise involving developers and systems administrators.
Correct answer: B
Explanation
The correct answer is B because blocking traffic on the affected instance is a critical containment step that prevents further damage. Option A, while a good practice, does not directly address containment. Option C relates to investigation rather than containment, and option D focuses on training rather than immediate containment actions.