Certified Information Security Manager (CISM) — Question 451

After a server has been attacked, which of the following is the BEST course of action?

Answer options

• A. Isolate the system.
• B. Initiate incident response.
• C. Conduct a security audit.
• D. Review vulnerability assessment.

Correct answer: B

Explanation

The best initial response after a server attack is to initiate incident response, as this involves a systematic approach to managing the aftermath of the incident. Isolating the system (A) is important but should be part of the incident response plan rather than the first action taken. Conducting a security audit (C) and reviewing vulnerability assessments (D) are valuable steps but come after addressing the immediate threat.