CompTIA Security+ (SY0-601) — Question 512

A cybersecurity incident response team at a large company receives notification that malware is present on several corporate desktops. No known indicators of compromise have been found on the network. Which of the following should the team do first to secure the environment?

Answer options

• A. Contain the impacted hosts.
• B. Add the malware to the application blocklist.
• C. Segment the core database server.
• D. Implement firewall rules to block outbound beaconing.

Correct answer: A

Explanation

The first step to secure the environment is to contain the impacted hosts to prevent further spread of the malware. Adding the malware to the application blocklist, segmenting the database server, or implementing firewall rules are important but should follow the initial containment to ensure no additional systems are compromised.