Certified Information Security Manager (CISM) — Question 984
Following a breach where the risk has been isolated and forensic processes have been performed, which of the following should be done NEXT?
Answer options
- A. Place the web server in quarantine.
- B. Rebuild the server from the last verified backup.
- C. Shut down the server in an organized manner.
- D. Rebuild the server with relevant patches from the original media.
Correct answer: D
Explanation
The correct answer is D because rebuilding the server from the original media with the relevant patches ensures that it is secured against the vulnerabilities that were exploited during the breach. Option A is not appropriate because the risk has already been isolated. Option B might not address the vulnerabilities present in the last backup. Option C does not provide a solution for future protection against threats.