exam questions

Exam CISM All Questions

View all questions & answers for the CISM exam

Exam CISM topic 1 question 474 discussion

Actual exam question from Isaca's CISM
Question #: 474
Topic #: 1
[All CISM Questions]

When a critical system incident is reported, the FIRST step of the incident handler should be to:

  • A. power off the system.
  • B. determine the scope of the incident.
  • C. validate the incident.
  • D. notify the appropriate parties.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Jess20
1 month, 3 weeks ago
Selected Answer: C
First step? C. validate the incident
upvoted 1 times
...
ServerBrain
2 months, 1 week ago
Selected Answer: B
if reported, it has been validated, then next do be done is B.
upvoted 3 times
...
AlexJacobson
11 months ago
Selected Answer: C
I vote for C here. While I really value input of @blehbleh and @POWNED (along with a few others here who are actually providing helpful comments and discussions and not just idiotic ChatGPT answers), I think you guys are assuming too much for your own good in this question. It clearly says "is reported", not "confirmed" or "validated". So the first thing that incident handler should do is check whether the reported incident is actually an incident. Of course, I might be wrong here and maybe you guys are reading the question better than me. :)
upvoted 1 times
AlexJacobson
11 months ago
Then again, the phases of incident handling are: 1-Incident reporting, 2-incident analysis and 3-incident response. So if "is reported" in the question means that first phase is completed, then it can actually be option B.
upvoted 1 times
...
...
FantasyDream
11 months, 2 weeks ago
Selected Answer: C
C. validate the incident.
upvoted 3 times
...
blehbleh
11 months, 3 weeks ago
Selected Answer: B
I have to go B if it has already been declared an incident it is now time to determine the scope.
upvoted 2 times
...
POWNED
1 year ago
Selected Answer: B
The incident has already been validated by the ISM. And the incident has been declared. It is now time to determine the scope.
upvoted 2 times
...
wickhaarry
1 year, 3 months ago
B. determine the scope of the incident.
upvoted 1 times
...
richck102
1 year, 5 months ago
Selected Answer: C
C. validate the incident.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago