CISSP Practice Question – Security Operations (Incident Response)
During a major security incident, analysts determine that an attacker gained access through a compromised third-party API used by several internal applications. The organization has contained the affected systems and begun restoring from backups.
According to proper incident response procedures, what should the security team do NEXT?
A. Notify law enforcement of the breach and provide forensic evidence.
B. Perform a lessons-learned review to identify control gaps and process improvements.
C. Conduct a full forensic analysis to confirm the attack vector and scope of compromise.
D. Resume normal operations once all backups are verified and systems are restored.
Vincent Primiani
CISSP Study Group
skool.com/cybersecurity-study-group