Following a successful attack, an information security manager should be confident the malware has not continued to spread at the completion of which incident response phase?
You must focus on the question. The question states "should be" if the question stated "is completely confident" than I would agree that the answer would be B. Based on the layout of the question D is the best answer. Key words in ISACA questions are sooo important. BEST, FIRST, COMPLETE, SHOULD. If you are taking your test at a testing center write down the key words for each question so you dont miss the scope of the question.
Eradication- When containment measures have been deployed after an incident occurs, the root cause of the incident must be identified and removed from the network. CISM Review Manual 16th Edition. The answer should be B
The correct answer is D. Containment.
During the incident response process, containment is the phase where the information security manager takes steps to prevent the malware from spreading further within the system or network. This involves isolating the affected systems, disconnecting them from the network, and implementing safeguards to prevent the malware from spreading to other systems or users. Once containment is successfully completed, the information security manager can be confident that the malware has not continued to spread.
B Eradication - In this phase, the goal is to completely remove the malware or security threat from the affected systems. It includes activities like removing malware files, closing vulnerabilities, and ensuring the environment is clean and secure.
The containment phase of incident response is focused on stopping the spread of malware or other malicious code. This is done by isolating the affected systems and preventing them from communicating with other systems. Once the malware has been contained, the incident response team can move on to the eradication phase, which is focused on removing the malware from the affected systems.
Therefore, the information security manager should be confident that the malware has not continued to spread at the completion of the containment phase. This is because the containment phase is focused on stopping the spread of malware, which is the first step in recovering from an incident.
This section is not available anymore. Please use the main Exam Page.CISM Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
88d4601
4 days, 16 hours agoPOWNED
11 months, 1 week agoPOWNED
11 months, 2 weeks agoCCIEBYDEC
1 year agokoala_lay
1 year, 3 months agoCert_IT
1 year, 3 months agoafc1019
1 year, 5 months agorichck102
1 year, 5 months ago