Isaca
CISM · Question #369
CISM Question #369: Real Exam Question with Answer & Explanation
The correct answer is C: Contain the incident. The first course of action when responding to an incident is to contain it. Containment helps to limit the spread of the incident, minimize damage, and preserve evidence for further investigation, enabling a controlled and effective response.
Submitted by skyler.x · Apr 18, 2026 · Information Security Incident Management
Question
Which of the following should be the FIRST course of action by the incident response team when responding to an incident?
Options
- A. Maintain the chain of custody.
- B. Review security logs.
- C. Contain the incident.
- D. Determine the root cause of the incident.
Explanation
The first course of action when responding to an incident is to contain it. Containment helps to limit the spread of the incident, minimize damage, and preserve evidence for further investigation, enabling a controlled and effective response.
Topics
#Incident Response #Incident Containment #Incident Management Process