Certified Information Security Manager (CISM) — Question 805

Which of the following should be considered FIRST when recovering a compromised system that needs a complete rebuild?

Answer options

• A. Network system logs
• B. Intrusion detection system (IDS) logs
• C. Patch management files
• D. Configuration management files

Correct answer: D

Explanation

The correct answer is D, as configuration management files provide essential information about the system's setup, which is crucial for a proper rebuild. The other options, while important for monitoring and managing security postures, do not provide the foundational structural details needed for a complete system recovery.