What is the FIRST thing the incident response manager should do?

Posted by: Pdfprep Category: CISM Tags: , ,

A possible breach of an organization’s IT system is reported by the project manager.

What is the FIRST thing the incident response manager should do?
A . Run a port scan on the system
B . Disable the logon ID
C . Investigate the system logs
D . Validate the incident

Answer: D

Explanation:

When investigating a possible incident, it should first be validated. Running a port scan on the system, disabling the logon IDs and investigating the system logs may be required based on preliminary forensic investigation, but doing so as a first step may destroy the evidence.

Leave a Reply

Your email address will not be published.