nerdexam
(ISC)2

CISSP Question #81: Real Exam Question with Answer & Explanation

The correct answer is D: Verify the threat and determine the scope of the attack.

Submitted by akirajp · Mar 5, 2026 · Security Operations

Question

What should be the INITIAL response to Intrusion Detection System/Intrusion Prevention System (IDS/IPS) alerts?

Options

  • A. Ensure that the Incident Response Plan is available and current.
  • B. Determine the traffic's initial source and block the appropriate port.
  • C. Disable or disconnect suspected target and source systems.
  • D. Verify the threat and determine the scope of the attack.

Explanation

The initial response to Intrusion Detection System/Intrusion Prevention System (IDS/IPS) alerts should be to verify the threat and determine the scope of the attack, as this will help to confirm the validity and severity of the alert, and to identify the affected systems, networks, and data. This step is essential to avoid false positives, false negatives, and overreactions, and to prepare for the appropriate mitigation and recovery actions. Ensuring that the Incident Response Plan is available and current is a preparatory step that should be done before any IDS/IPS alert occurs, not after. Determining the traffic's initial source and blocking the appropriate port, and disabling or disconnecting suspected target and source systems are possible mitigation steps that should be done after verifying the threat and determining the scope of the attack, not before.

Topics

#incident response · #IDS/IPS alerts · #threat verification · #attack scope
