Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Isaca Discussions
exam questions

Exam CISM All Questions

View all questions & answers for the CISM exam
Go to Exam

Exam CISM topic 1 question 795 discussion

Actual exam question from Isaca's CISM
Question #: 795
Topic #: 1
[All CISM Questions]

An organization has received complaints from users that some of their files have been encrypted. These users are receiving demands for money to decrypt the files. Which of the following would be the BEST course of action?

  • A. Isolate the affected systems.
  • B. Conduct an impact assessment.
  • C. Initiate incident response.
  • D. Rebuild the affected systems.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by richck102 at July 10, 2023, 7:45 a.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
pgonza
2 months, 3 weeks ago
Selected Answer: C
C - Initiate Incident response-. The question mentions "course of action" not a single stage in incident response. Moreover, Containment (isolating affected systems) is part of the Incident response course of action
upvoted 1 times
...
AlexJacobson
9 months, 3 weeks ago
Selected Answer: C
It's a ransomware infection = incident (and a pretty large one, I may add). Ergo initiate incident response. Incident response would encompass isolation during containment phase.
upvoted 2 times
...
blehbleh
10 months, 2 weeks ago
Selected Answer: C
It is C, too many people are focused on just one aspect being A which is isolation. Isolating the systems is a part of the incident response as well as several other necessary steps.
upvoted 1 times
...
enk
11 months, 2 weeks ago
Selected Answer: A
Yes, isolate to prevent further spread of ransomware.
upvoted 1 times
...
Uncle_Lucifer
11 months, 2 weeks ago
Selected Answer: C
Don't forget this Incidence response is the plan that has procedures to confirm risk, isolating, containing, mitigating,
upvoted 1 times
...
ideu
1 year ago
Selected Answer: A
There is a ransomware attack in progress .... isolate the afected systems should be the first action to perfrom.
upvoted 1 times
Uncle_Lucifer
11 months, 2 weeks ago
correct, but Incidence response encompasses A and B as well.
upvoted 2 times
...
Uncle_Lucifer
11 months, 2 weeks ago
if the question stated first course and not best, then your answer of A would be correct
upvoted 2 times
...
...
richck102
1 year, 4 months ago
Selected Answer: C
C. Initiate incident response.
upvoted 2 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel