Containment — CompTIA CySA+ (CS0-003) Practice Questions
Containment is the incident response phase focused on limiting the spread and impact of a confirmed security incident while preserving evidence for investigation and potential legal proceedings. On the CySA+ exam, candidates are tested on both short-term containment actions, such as disabling a compromised account or blocking a malicious IP, and long-term containment measures like network segmentation or system isolation that allow business operations to continue in a reduced-risk state. The choice between containment strategies involves tradeoffs between operational continuity and security assurance that analysts must justify to stakeholders. Effective containment prevents an incident from escalating into a full-scale breach while buying time for eradication and recovery activities.
More containment questions in the full bank
- In incident response, what is the purpose of the containment phase?
- When responding to a confirmed data breach, what is the FIRST priority?
- In the incident response process, what does the containment phase primarily focus on?