CompTIA Security+ SY0-601 – Question049

An organization has hired a red team to simulate attacks on its security posture. Which of the following will the
blue team do after detecting an IoC?


A.
Reimage the impacted workstations.
B. Activate runbooks for incident response.
C. Conduct forensics on the compromised system.
D. Conduct passive reconnaissance to gather information.

Correct Answer: B