Which of the following should be the FIRST action taken?

seenagapeFebruary 14, 2018

An information security manager believes that a network file server was compromised by a hacker. Which of
the following should be the FIRST action taken?

PrepAway - Latest Free Exam Questions & Answers

A.
Unsure that critical data on the server are backed up.

B.
Shut down the compromised server.

C.
Initiate the incident response process.

D.
Shut down the network.

Explanation:
The incident response process will determine the appropriate course of action. If the data have been corrupted by a hacker, the backup may also be corrupted. Shutting down the server is likely to destroy any forensic evidence that may exist and may be required by the investigation. Shutting down the network is a drastic action,
especially if the hacker is no longer active on the network.

Get 50% Discount on All Your Purchases
at PrepAway.com - Latest Exam Questions

This is ONE TIME OFFER

Enter your email address to receive your 50% off dicount code:

SPECIAL OFFER: GET 50% OFF

Use Discount Code:

ISACA Exam Questions

Free ISACA Study Guide

Which of the following should be the FIRST action taken?

Leave a Reply Cancel reply