CompTIA Cloud+ (CV0-003) — Question 254

During a security incident on an IaaS platform, which of the following actions will a systems administrator most likely take as part of the containment procedure?

Answer options

• A. Connect to an instance for triage.
• B. Add a deny rule to the network ACL.
• C. Mirror the traffic to perform a traffic capture.
• D. Perform a memory acquisition.

Correct answer: B

Explanation

The correct answer is B because adding a deny rule to the network ACL effectively blocks malicious traffic and contains the incident. Options A, C, and D, while important in incident response, do not directly contribute to the immediate containment of the threat.