A user reports receiving a suspicious email containing a link prompting them to enter their credentials. What is the FIRST step in investigating this phishing attempt?

A user reports that all their files have been encrypted with the .locked extension, and a ransom note is present. What is the IMMEDIATE action to take?

Your IDS detects multiple SQL injection attempts on a public-facing web server. What is the BEST response?

What does the command
netsh advfirewall set allprofiles state off
do?

A brute-force attack has been detected against an exposed RDP server. What is the BEST mitigation strategy?

Your DLP (Data Loss Prevention) alerts show large data uploads to a cloud storage service. What is the next step of action?

Your SIEM system has flagged an alert indicating a high volume of failed login attempts followed by a successful login to an internal system using a corporate user's credentials. The account owner reports they did not attempt to log in, and the login was from an unrecognized IP address. What should be your FIRST course of action to mitigate the ATO attack?