7h • 🙋♂️ CISSP
CISSP question
After containing a ransomware attack, an organization begins restoring critical systems from clean backups. Forensic analysis confirms that the malware has been removed and backups were not compromised. However, the incident response team warns that some security weaknesses that allowed the initial compromise may still exist. What should the organization do as part of the recovery phase of incident management?
A. Restore all affected systems immediately to resume operations and investigate the root cause after services stabilize.
B. Keep affected systems offline until the incident report is completed and approved by executive management.
O c. Reconnect restored systems to the production network while monitoring them for abnormal activity.
D. Validate system integrity and strengthen controls before returning restored systems to normal production operations.
0
1 comment
CISSP question
skool.com/cybersecurity-study-group
Share resources, get advice, and connect with peers studying cybersecurity. Join our CISSP study group and connect with fellow professionals today!
Leaderboard (30-day)
1
+35
2
+31
3
+28
4
+26
5
+25
Powered by