Oct 5 • 🙋♂️ CISSP
CISSP Practice Question – Security Operations & Risk Management
During an ongoing ransomware attack, a system administrator discovers that several critical servers are actively encrypting files. Senior leadership is out of contact, and the company’s incident response plan is still in draft form.
What should the administrator do FIRST?
A. Shut down all affected systems to stop the encryption immediately.
B. Disconnect the affected servers from the network and preserve volatile evidence.
C. Attempt to restore the servers from the most recent backup.
D. Notify law enforcement about the ransomware activity.
3
16 comments
CISSP Practice Question – Security Operations & Risk Management
skool.com/cybersecurity-study-group
Share resources, get advice, and connect with peers studying cybersecurity. Join our CISSP study group and connect with fellow professionals today!
Leaderboard (30-day)
1
+42
2
+30
3
+30
4
+26
5
+15
Powered by