15d • 🙋♂️ CISSP
CISSP Practice Question (Domain 7: Security Operations)
During a ransomware incident, the IR team contains affected systems and begins recovery from backups. Mid-recovery, the CFO authorizes paying the ransom to accelerate restoration. As the incident commander, what should you do FIRST?
A. Comply with the CFO's directive and coordinate the payment through counsel
B. Halt recovery and escalate to the executive crisis team and legal for a documented decision
C. Continue recovery from backups and refuse the payment on policy grounds
D. Engage law enforcement to evaluate the legality of the ransom payment
Come back for the answer tomorrow, or study more now!
2
25 comments
CISSP Practice Question (Domain 7: Security Operations)
skool.com/cybersecurity-study-group
Share resources, get advice, and connect with peers studying cybersecurity. Join our CISSP study group and connect with fellow professionals today!
Leaderboard (30-day)
1
+49
2
+40
3
+23
4
+22
5
+15
Powered by