CISM Question #364: Real Exam Question with Answer & Explanation

The correct answer is C: Isolating the affected systems. The first step in recovering from a ransomware attack is to isolate the affected systems. This prevents the ransomware from spreading to other systems and causing further damage, allowing for containment of the incident before proceeding with recovery efforts such as restoring fr

Submitted by fatema_kw· Apr 18, 2026Information Security Incident Management

Question

Which of the following should be the FIRST step in recovering from a ransomware attack?

Options

AAlerting the authorities
BPaying the ransom
CIsolating the affected systems
DRestoring from backup

Explanation

The first step in recovering from a ransomware attack is to isolate the affected systems. This prevents the ransomware from spreading to other systems and causing further damage, allowing for containment of the incident before proceeding with recovery efforts such as restoring from

Topics

#Ransomware#Incident Response#Containment#Recovery Steps

Community Discussion

No community discussion yet for this question.

Full CISM Practice Browse All CISM Questions