nerdexam
(ISC)2

CISSP · Question #48

Which one of the following is a fundamental objective in handling an incident?

The correct answer is A. To restore control of the affected systems. Incident response prioritizes restoring normal operations and regaining control of affected systems above all other considerations.

Submitted by neha2k· Mar 5, 2026Security Operations

Question

Which one of the following is a fundamental objective in handling an incident?

Options

  • ATo restore control of the affected systems
  • BTo confiscate the suspect's computers
  • CTo prosecute the attacker
  • DTo perform full backups of the system

How the community answered

(23 responses)
  • A
    87% (20)
  • C
    4% (1)
  • D
    9% (2)

Why each option

Incident response prioritizes restoring normal operations and regaining control of affected systems above all other considerations.

ATo restore control of the affected systemsCorrect

The fundamental objective of incident handling is to restore control of affected systems to minimize damage, contain the incident, and return to normal operations as quickly as possible. This aligns with the core phases of incident response (containment, eradication, and recovery) defined in frameworks like NIST SP 800-61, which emphasize operational restoration as the primary goal.

BTo confiscate the suspect's computers

Confiscating suspect computers is a law enforcement action that may occur during forensic investigation but is not a fundamental incident handling objective for most organizations.

CTo prosecute the attacker

Prosecuting the attacker is a potential legal outcome but is not a primary incident response objective; many incidents never lead to prosecution, and it is outside the direct scope of incident handling teams.

DTo perform full backups of the system

Performing full backups is a preventive and recovery-support activity done before or after an incident, not a fundamental objective during active incident handling.

Concept tested: Fundamental objectives of incident response handling

Source: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf

Topics

#incident response#system restoration#containment

Community Discussion

No community discussion yet for this question.

Full CISSP Practice