CompTIA CySA+ CS0-002 – Question 194

An analyst is responding to an incident within a cloud infrastructure. Based on the logs and traffic analysis, the analyst thinks a container has been compromised. Which of the following should the analyst do FIRST?

A. Perform threat hunting in other areas of the cloud infrastructure.
B. Contact law enforcement to report the incident.
C. Perform a root cause analysis on the container and the service logs.
D. Isolate the container from production using a predefined policy template.

Correct Answer: D