Systems Security Certified Practitioner (SSCP) — Question 23

When a possible intrusion into your organization's information system has been detected, which of the following actions should be performed first?

Answer options

• A. Eliminate all means of intruder access.
• B. Contain the intrusion.
• C. Determine to what extent systems and data are compromised.
• D. Communicate with relevant parties.

Correct answer: C

Explanation

The correct answer is C because understanding the extent of the compromise is crucial for determining the next steps in the response. Options A, B, and D are important actions, but they should follow the assessment of the situation to ensure a targeted and effective response.