Certified Information Systems Auditor (CISA) — Question 805

An incident response team has been notified of a virus outbreak in a network subnet. Which of the following should be the NEXT step?

Answer options

• A. Remove and restore the affected systems.
• B. Verify that the compromised systems are fully functional.
• C. Focus on limiting the damage.
• D. Document the incident.

Correct answer: C

Explanation

The correct action is to concentrate on minimizing the impact, as this helps to contain the outbreak and prevent further spread. Removing and restoring systems, verifying functionality, or documenting the incident can occur later but are not immediate priorities during an outbreak.