nerdexam
ExamsCISSPQuestions#794
(ISC)2(ISC)2

CISSP · Question #794

CISSP Question #794: Real Exam Question with Answer & Explanation

The correct answer is B: Record all facts regarding the incident.. When the incident is suspected, you want to record all facts to help confirm if it becomes and actual incident. Once it becomes confirmed as an actual incident then containment is the next course of action.

Submitted by tarun92· Mar 5, 2026Security Operations

Question

Which is the FIRST action the Incident Response team should take when an incident is suspected?

Options

  • AChoose a containment strategy.
  • BRecord all facts regarding the incident.
  • CAttempt to identify the attacker.
  • DNotify management of the incident.

Explanation

When the incident is suspected, you want to record all facts to help confirm if it becomes and actual incident. Once it becomes confirmed as an actual incident then containment is the next course of action.

Topics

#incident response#incident identification#logging#fact-finding

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full CISSP PracticeBrowse All CISSP Questions