Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Isaca Discussions
exam questions

Exam CISA All Questions

View all questions & answers for the CISA exam
Go to Exam

Exam CISA topic 1 question 30 discussion

Actual exam question from Isaca's CISA
Question #: 30
Topic #: 1
[All CISA Questions]

When an intrusion into an organization's network is detected, which of the following should be done FIRST?

  • A. Contact law enforcement.
  • B. Identify nodes that have been compromised.
  • C. Block all compromised network nodes.
  • D. Notify senior management
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by Changwha at July 9, 2023, 10:11 a.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
macksonj
Highly Voted 3 months ago
I believe identifying the compromised nodes comes before taking action to block it. So in my view , B is the best answer.
upvoted 6 times
...
Pumeza
Most Recent 1 week, 1 day ago
B for Bravo
upvoted 1 times
...
1Naa
1 week, 3 days ago
Selected Answer: B
You can't block compromised nodes if you don't ID them first
upvoted 2 times
...
macksonj
1 month, 2 weeks ago
The question has technically taken care of identification through detection. Further identification can be done after blocking all compromised nodes that were detected.
upvoted 1 times
...
B1990
4 months, 1 week ago
Answer is B, How can I block something that has not been identified?
upvoted 4 times
...
Swallows
5 months, 2 weeks ago
Selected Answer: C
Blocking compromised network nodes helps to immediately contain the intrusion and prevent the attackers from accessing additional systems or causing further harm. This action buys time for the organization to assess the situation, identify the extent of the compromise, and formulate a comprehensive response plan, including identifying the compromised nodes (option B) in detail.
upvoted 2 times
Bosstate26
3 months, 3 weeks ago
I think its B first then C, how could you block all compromised nodes without identifying them first? How will blocking compromised nodes help to identify the compromised nodes in detail?
upvoted 1 times
...
hulisani
5 months, 1 week ago
But you have to identify first and then block
upvoted 2 times
Swallows
4 months ago
Certainly, answer B is better. I was torn between answer D and B. Identifying compromised nodes is crucial for understanding the scope of the intrusion and determining the appropriate response actions. Notifying senior management can follow once there is a clearer picture of the incident.
upvoted 1 times
kclow
3 months, 3 weeks ago
Notifying senior management when the ques asked in this way: What IT Auditor should do in the first place when this issue happens? Add on why C is wrong: Prematurely blocking ALL compromised nodes could disrupt business operations and may not fully address the intrusion issue.
upvoted 1 times
...
...
...
...
a84n
6 months, 3 weeks ago
Selected Answer: B
Answer: B
upvoted 1 times
...
5b56aae
7 months ago
Selected Answer: C
The 1st thing to do is to stop it
upvoted 1 times
...
ndey926
1 year, 1 month ago
In the detection phase of incident management, we have to determine whether its a security incident or not Ans:B. Identify nodes that have been compromised
upvoted 2 times
...
Changwha
1 year, 4 months ago
C, the first step after detecting an intrusion is to block all compromised network nodes.
upvoted 2 times
Bankyz
1 year, 4 months ago
You need to identify the nodes first
upvoted 5 times
...
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel