Certified Information Systems Auditor (CISA) — Question 1090
A network analyst is monitoring the network after hours and detects activity that appears to be a brute-force attempt to compromise a critical server. After reviewing the alerts to ensure their accuracy, what should be done NEXT?
Answer options
- A. Perform a root cause analysis.
- B. Document all steps taken in a written report.
- C. Isolate the affected system.
- D. Invoke the incident response plan.
Correct answer: D
Explanation
The correct answer is D, as invoking the incident response plan is essential for addressing security incidents systematically. While the other options may be important steps, they are not the immediate priority after confirming a potential security breach.