Certified Information Security Manager (CISM) — Question 737

Which of the following incident response phases involves actions to help safeguard critical systems while maintaining business operations?

Answer options

• A. Containment
• B. Identification
• C. Preparation
• D. Recovery

Correct answer: A

Explanation

The correct answer is A, Containment, which focuses on limiting the impact of an incident while allowing business operations to persist. Identification involves recognizing the incident, Preparation is about planning for potential incidents, and Recovery is the phase where systems are restored post-incident, none of which specifically address the need to safeguard systems during ongoing operations.