CISSP Practice Question – Security Operations (BCP/DRP vs. Forensic Recovery)
A ransomware attack encrypts multiple servers, including systems that store financial transaction data. Management activates the disaster recovery plan to restore from clean backups and resume business operations as quickly as possible. Meanwhile, law enforcement and internal investigators request that the affected systems remain offline to preserve evidence for criminal prosecution.
What is the BEST course of action?
A. Prioritize rapid system recovery and resume operations immediately using backups to meet RTO objectives.
B. Delay full recovery until investigators complete forensic imaging and evidence collection.
C. Restore essential systems first, while creating verified forensic images of compromised hosts before reinitialization.
D. Refuse to proceed with any restoration until the court issues a warrant authorizing evidence handling.
Vincent Primiani
CISSP Study Group
skool.com/cybersecurity-study-group