
CCST Cybersecurity: What Is the First Step When Responding to an Ongoing Cyberattack? Containment for CCST Cybersecurity

What is the first step a SOC analyst should take when detecting an ongoing cyberattack? Learn why containment is critical to prevent further damage, a key concept for the Cisco Certified Support Technician (CCST) Cybersecurity 100-160 exam.


Question

A security operations center (SOC) analyst detects an ongoing cyberattack. What is the first step in responding to this incident?

A. Immediately shut down all affected systems
B. Erase all logs to remove traces of the attack
C. Contain the attack and prevent further spread
D. Notify all employees to change their passwords
E. Publicly announce the breach to customers

Answer

C. Contain the attack and prevent further spread

Explanation

Once an attack has been detected and confirmed, containment is the first response step: it stops the attack from causing more damage before the team moves on to eradication and recovery.

The first step in responding to an ongoing cyberattack is to contain the attack and prevent further spread.

Containment is the immediate priority once a cyberattack is detected, as it limits the attacker’s ability to cause additional harm or move laterally within the network.

Effective containment strategies include isolating affected systems from the rest of the network, blocking traffic to and from the attacker's addresses, disabling or locking compromised accounts and terminating their sessions, and restricting access to sensitive resources until the scope of the compromise is known.
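The containment actions listed above, turned into an ordered playbook, as an added example that is not part of the CCST material: it scopes the incident from a few constructed sshd log lines, preserves volatile evidence first, then isolates the affected hosts and revokes the compromised account. The host names, the account svc_backup, the IP addresses and the management network 10.0.9.0/24 are all made up for the illustration; the commands assume Linux hosts reachable over ssh as root with iptables installed.

```python
"""Containment playbook for a detected SSH-based intrusion.

Added illustrative example, not part of the CCST material. Every host name,
account, address and log line below is constructed for the illustration.
"""
import re
import shlex
import subprocess
from dataclasses import dataclass

# Constructed sshd log sample: the alert names svc_backup as compromised.
# It first logs in from an external address, then pivots to two more hosts.
SAMPLE_LOG = """\
Mar  3 02:14:07 web01 sshd[4121]: Accepted password for svc_backup from 203.0.113.45 port 51822 ssh2
Mar  3 02:15:30 web01 sshd[4130]: Accepted publickey for deploy from 10.0.0.12 port 40110 ssh2
Mar  3 02:16:02 db01 sshd[2210]: Accepted password for svc_backup from 10.0.1.15 port 33412 ssh2
Mar  3 02:16:44 app02 sshd[3388]: Accepted password for svc_backup from 10.0.1.15 port 33470 ssh2
"""

# Assumed management network: the jump hosts analysts use to reach isolated boxes.
MGMT_NET = "10.0.9.0/24"

LOGIN_RE = re.compile(
    r"^\S+\s+\d+\s+[\d:]+\s+(?P<host>\S+)\s+sshd\[\d+\]: "
    r"Accepted \S+ for (?P<user>\S+) from (?P<src>[\d.]+)"
)

PHASE_ORDER = ("preserve", "isolate", "revoke")
DESTRUCTIVE = {"shutdown", "poweroff", "halt", "reboot", "rm", "shred", "dd"}


@dataclass(frozen=True)
class Action:
    phase: str   # one of PHASE_ORDER
    host: str    # where the command runs
    cmd: tuple   # argv, never passed through a shell


def parse_logins(text):
    """Return one dict (host, user, src) per accepted sshd login line."""
    return [m.groupdict() for m in map(LOGIN_RE.match, text.splitlines()) if m]


def affected_hosts(events, user):
    return sorted({e["host"] for e in events if e["user"] == user})


def attacker_sources(events, user):
    return sorted({e["src"] for e in events if e["user"] == user})


def build_plan(log_text, compromised_user):
    """Scope the incident from the logs and order the containment steps."""
    events = parse_logins(log_text)
    hosts = affected_hosts(events, compromised_user)
    sources = attacker_sources(events, compromised_user)
    plan = []
    # 1. Preserve volatile state first. Powering off or rebooting would lose
    #    live connections and processes, which is why shutdown is not step one.
    for h in hosts:
        plan.append(Action("preserve", h, ("ss", "-tanp")))
        plan.append(Action("preserve", h, ("ps", "-eo", "pid,ppid,user,lstart,cmd")))
        plan.append(Action("preserve", h, ("tar", "-czf", f"/var/tmp/{h}-auth.tgz",
                                           "/var/log/auth.log", "/var/log/wtmp")))
    # 2. Isolate: drop traffic from the attacker's sources and stop the host from
    #    reaching anything except the management network, so investigation continues.
    for h in hosts:
        for src in sources:
            plan.append(Action("isolate", h, ("iptables", "-I", "INPUT", "1", "-s", src, "-j", "DROP")))
        plan.append(Action("isolate", h, ("iptables", "-I", "OUTPUT", "1", "!", "-d", MGMT_NET, "-j", "DROP")))
    # 3. Revoke: lock the compromised account and end its live sessions.
    for h in hosts:
        plan.append(Action("revoke", h, ("usermod", "-L", compromised_user)))
        plan.append(Action("revoke", h, ("pkill", "-KILL", "-u", compromised_user)))
    return plan


def validate(plan):
    """Refuse plans that destroy evidence or act before preserving it."""
    for a in plan:
        if a.cmd[0] in DESTRUCTIVE:
            raise ValueError(f"destructive step on {a.host}: {shlex.join(a.cmd)}")
    ranks = [PHASE_ORDER.index(a.phase) for a in plan]
    if ranks != sorted(ranks):
        raise ValueError("evidence must be preserved before isolation and revocation")
    return True


def execute(plan, dry_run=True):
    """Render each step as an ssh command; only run it when dry_run is False."""
    validate(plan)
    rendered = []
    for a in plan:
        argv = ["ssh", "-o", "BatchMode=yes", f"root@{a.host}", "--", *a.cmd]
        rendered.append(shlex.join(argv))
        if not dry_run:
            subprocess.run(argv, check=False)
    return rendered


if __name__ == "__main__":
    for line in execute(build_plan(SAMPLE_LOG, "svc_backup")):
        print(line)
```

Run as is, the script only prints the plan (dry_run stays True); switch dry_run off to execute it. The deliberate points are the ordering and the guard: validate() rejects any plan that schedules shutdown, reboot or log deletion, or that isolates before evidence is captured, which is exactly why answers A and B are wrong. Note that the deploy account, which logged in from an internal address during the same window, is left alone because the plan only acts on what the logs tie to the compromised account; widening scope is an analysis decision, not an automatic one.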

This step is essential before eradication and recovery because it stops the attack’s progression, preserves evidence for investigation, and minimizes operational disruption.

Shutting down all affected systems or erasing logs is not an appropriate initial response: powering a system off discards volatile evidence such as running processes, open network connections and memory contents, and deleting logs destroys the record needed for root cause analysis and for legal or regulatory obligations.

After containment, the incident response process continues with eradication (removing the threat), recovery (restoring systems), and post-incident review to strengthen defenses.

Containment is the first and most critical step in incident response, ensuring the attack does not escalate or compromise additional systems before moving on to eradication and recovery.
