Certified Information Security Manager (CISM) — Question 894
Which of the following MUST happen immediately following the identification of a malware incident?
Answer options
- A. Eradication
- B. Containment
- C. Preparation
- D. Recovery
Correct answer: B
Explanation
The correct answer is B: containment is critical to prevent the malware from spreading once it has been identified. Eradication (A) and recovery (D) follow containment, while preparation (C) is a proactive measure taken before any incident occurs.