Once an intrusion into your organization's information system has been detected, which of the following actions should be performed first?

Prepare for the Digital Forensics, Investigation, and Response Test. Study with multiple choice questions that include hints and explanations. Enhance your understanding of digital forensics principles and get ready for your exam!

Multiple Choice

Once an intrusion into your organization's information system has been detected, which of the following actions should be performed first?

Explanation:
Stopping the attack by containing it is the immediate priority when an intrusion is detected. Containment means isolating affected systems, blocking attacker access, and segmenting networks so the intruder can’t move laterally or exfiltrate data. This halts ongoing damage and gives you time to assess scope and implement safeguards without letting the situation worsen. Containment also helps preserve evidence by limiting further changes to the environment. Once containment is in place, you can perform forensic collection in a controlled way, then move on to eradication and recovery. Notifying management and restoring from backups are important steps too, but they belong after containment to avoid spreading the intrusion or reintroducing compromised data.
