Which of the following practices should an incident responder not follow for containing an inappropriate usage incident?

Maximizing user privileges of employee computers and systems is not a recommended practice when containing an inappropriate usage incident. Such an approach can significantly increase security risks, as it allows users greater access to sensitive systems and data than necessary. This can lead to further abuse or accidental misuse, compounding the incident rather than containing it.

In contrast, documenting all actions taken during the incident response is crucial for accountability and for learning from the incident. Reverting systems to a previous clean state helps ensure that any harmful changes made during the incident are undone, preserving the integrity of the systems. Implementing incident response protocols effectively ensures that responders follow a structured approach to incident containment, management, and investigation, minimizing potential damage and improving response times.