You notice unusual user behavior on your network, such as multiple failed login attempts. What's your first action?

While investigating a recent cyberattack, you realize the attacker exploited a vulnerability your team was unaware of. What could have been done earlier to reduce this risk?

Your team is debating which tool is best to monitor unusual user behavior. Which one should you recommend?

Imagine you're tracking an ongoing cyber incident. You decide to isolate one server to prevent the attack from spreading. What kind of strategy are you implementing?

A colleague shares an alert about unusual network activity, but it's unclear if it's a cyberattack. What would be your first step to manage this situation?

During a cybersecurity simulation, you are asked to prioritize tasks. Which action would you perform first if your team identifies an active threat?

A team member suggests completely shutting down all servers during a cyberattack to stop the spread of the threat. What's a potential downside to this approach?