Certified Information Security Manager (CISM) — Question 809
Which of the following is an incident containment method?
Answer options
- A. Reviewing system logs and audit trails
- B. Removing compromised systems from the network
- C. Analyzing systems for impact from the incident
- D. Mapping the scope of the incident on the network
Correct answer: B
Explanation
B is correct: removing compromised systems from the network is a containment method because it helps prevent the incident from spreading. The other options focus on analyzing or understanding the incident rather than actively containing it.