CompTIA CySA+CS0-002 – Question110

An information security analyst discovered a virtual machine server was compromised by an attacker. Which of the following should be the FIRST steps to confirm and respond to the incident? (Choose two.)

A.
Pause the virtual machine.
B. Shut down the virtual machine.
C. Take a snapshot of the virtual machine.
D. Remove the NIC from the virtual machine.
E. Review host hypervisor log of the virtual machine.
F. Execute a migration of the virtual machine.

Correct Answer: CD