CompTIA Security+ (SY0-601) — Question 675

During a recent penetration test, the tester discovers large amounts of data were exfiltrated over the course of 12 months via the internet. The penetration tester stops the test to inform the client of the findings. Which of the following should be the client's NEXT step to mitigate the issue?

Answer options

• A. Conduct a full vulnerability scan to identify possible vulnerabilities.
• B. Perform containment on the critical servers and resources.
• C. Review the firewall and identify the source of the active connection.
• D. Disconnect the entire infrastructure from the internet.

Correct answer: B

Explanation

The correct answer is B, as containment is crucial to limit further data loss and secure critical assets. Simply conducting a vulnerability scan (A), reviewing the firewall (C), or disconnecting from the internet (D) may not immediately address the ongoing risk and could lead to additional complications.