Exam CISM topic 1 question 318 discussion

Actual exam question from Isaca's CISM
Question #: 318
Topic #: 1

An online trading company discovers that a network attack has penetrated the firewall. What should be the information security manager's FIRST response?

  • A. Evaluate the impact to the business.
  • B. Examine firewall logs to identify the attacker.
  • C. Notify the regulatory agency of the incident.
  • D. Implement mitigating controls.
Suggested Answer: A

Comments

Broesweelies
Highly Voted 1 year, 10 months ago
Selected Answer: D
D. Implement mitigating controls. When an online trading company discovers that a network attack has penetrated the firewall, the information security manager's first response should be to implement mitigating controls to contain and limit the scope of the attack as much as possible. This might include isolating the affected systems, shutting down or disconnecting compromised systems from the network, and implementing new firewall rules to block the attackers' IP addresses. This will help prevent the attackers from causing further damage, stealing more data or spreading the malware. After that, the information security manager can then evaluate the impact to the business, examine firewall logs to identify the attacker, and notify the regulatory agency of the incident.
upvoted 6 times
AaronS1990
1 year, 3 months ago
Nope, you're wrong again. No surprise really seeing as all you're capable of is using ChatGPT
upvoted 4 times
iyke2k4
2 months, 3 weeks ago
ChatGPT selected A. That answer is from Gemini or Copilot. What's the answer and justification from ISACA's perspective?
upvoted 1 times
...
...
AlexJacobson
10 months ago
yeah keep using ChatGPT, you're surely gonna pass the exam... I don't care, but you are doing a disservice to everybody here.
upvoted 1 times
...
...
dark_3k03r
Highly Voted 1 year, 7 months ago
Selected Answer: A
The first part of the IR process is identifying and assessing the current state. Can't do this without doing A. So (A) is the correct answer. Rationale:
B. Knowing the attacker is great for attribution, but does little to address the issue.
C. This should only be done once the threat/impact is fully understood.
D. This should only be done once the threat/impact is fully understood.
upvoted 5 times
...
yottabyte
Most Recent 8 months, 1 week ago
Selected Answer: A
A is the choice, the question says PENETRATED and D reflects to options before getting PENETRATED.
upvoted 1 times
...
oluchecpoint
9 months, 2 weeks ago
Selected Answer: A
Option A
upvoted 1 times
...
secdoc
1 year, 1 month ago
Must pay attention to the role in question if nothing else. Managers do not implement controls, engineers and admins do.
upvoted 2 times
...
Agamennore
1 year, 2 months ago
Selected Answer: A
It’s A because before any action you have to understand what the business impact is.
upvoted 2 times
...
AaronS1990
1 year, 3 months ago
Selected Answer: A
As ever, first analyse/impact/confirm... whatever the phrase may be, take action to confirm exactly what the issue is before escalating any further
upvoted 1 times
...
[Removed]
1 year, 4 months ago
Selected Answer: A
Evaluate first. Maybe you don't need more controls.
upvoted 1 times
...
chanke
1 year, 5 months ago
Selected Answer: A
Remember, before you do anything like transfer, mitigate, etc., you need to evaluate the risk first to see how impactful it is to the business.
upvoted 3 times
...
richck102
1 year, 5 months ago
D. Implement mitigating controls.
upvoted 1 times
richck102
1 year, 5 months ago
I vote A. Evaluate the impact to the business.
upvoted 3 times
...
...
Rowlandmarc
1 year, 8 months ago
Selected Answer: A
Following ISACA's own model below - A is the logical answer as it follows the analysis of the incident https://www.isaca.org/resources/isaca-journal/issues/2020/volume-4/incident-response-models
  • Preparation
  • Detection and analysis
  • Containment, eradication and recovery
  • Postincident activity
upvoted 3 times
...
Wladysk
1 year, 9 months ago
Selected Answer: A
I will go with A as a part of the Incident Response Plan, Triage Phase after Identification was completed. D is more related to Risk Management actions.
upvoted 1 times
...
carbon232
1 year, 9 months ago
Selected Answer: D
D was my choice; in the real world you need to shut it down ASAP. Best way would be to invoke mitigating controls
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted