An auditor is reviewing the 'Incident Response Plan'. The plan includes a step for 'Containment'. What is the primary goal of this phase?

Answer options:

To restore systems to normal operation.

To stop the spread of the attack and prevent further damage.

To determine the root cause of the attack.

To punish the attacker.

How to approach this question

Containment = Stop the bleeding.

Full Answer

B.To stop the spread of the attack and prevent further damage.✓ Correct

Containment aims to limit the scope and magnitude of the incident. This might involve disconnecting a server from the network to prevent malware from spreading.

Common mistakes

Confusing Containment with Eradication (removing the threat) or Recovery (restoring service).

Question 49 All questions Question 51

Practice the full CPA ISC Practice Exam 3

82 questions · hints · full answers · grading

More questions from this exam

Q01A CPA is advising a client who is migrating their legacy on-premise ERP system to a cloud-based s...Medium Q02During a review of a client's cloud governance structure, an auditor notes that the client uses a...Medium Q03An auditor is evaluating the 'Processing Integrity' principle for a financial institution's loan ...Hard Q04A company uses a batch processing system to update inventory records overnight. The 'Grandfather-...Hard Q05During a walkthrough of the change management process, an auditor observes that the 'Developer' r...Medium

View all 82 questions →