Certified Information Systems Auditor (CISA) — Question 1394

When responding to an ongoing denial of service (DoS) attack, an organization's FIRST course of action should be to:

Answer options

• A. minimize impact.
• B. investigate damage.
• C. analyze the attack path.
• D. restore service.

Correct answer: A

Explanation

The primary focus during a DoS attack should be to minimize impact, as this helps protect critical resources and maintain operational functionality. Investigating damage, analyzing the attack path, and restoring service are important steps but should come after addressing immediate threats to reduce disruption.