Certified Information Security Manager (CISM) — Question 793

Which of the following is the BEST course of action when an online company discovers a network attack in progress?

Answer options

• A. Shut off all network access points.
• B. Isolate the affected network segment.
• C. Dump all event logs to removable media.
• D. Enable trace logging on all events.

Correct answer: B

Explanation

The best action is to isolate the affected network segment to contain the attack and prevent it from spreading. Shutting off all network access points can disrupt business operations entirely and does not specifically target the attack. Dumping event logs, while useful for analysis later, does not address the immediate threat. Enabling trace logging is important for tracking events but does not help mitigate the ongoing attack.