CISM Question #179: Real Exam Question with Answer & Explanation

The correct answer is A: Containment. The first action to consider when responding to a major security breach is containment. Containment helps to prevent further damage or spread of the breach, ensuring the issue is controlled before moving on to further steps like forensics or eradication. Once the breach is contai

Submitted by renata2k· Apr 18, 2026Information Security Incident Management

Question

Which of the following should be considered FIRST when responding to a major security breach?

Options

AContainment
BForensics
CEradication
DDocumentation

Explanation

The first action to consider when responding to a major security breach is containment. Containment helps to prevent further damage or spread of the breach, ensuring the issue is controlled before moving on to further steps like forensics or eradication. Once the breach is contained, the organization can then proceed with forensics to investigate the cause, eradication to remove the threat, and documentation for reporting and analysis.

Topics

#Incident Response Process#Containment#Security Breach Response

Community Discussion

No community discussion yet for this question.

Full CISM Practice Browse All CISM Questions