ExpertEasy1 markMultiple Choice
CPA · Question 50 · Area II: Security
An auditor is reviewing the 'Incident Response Plan'. The plan includes a step for 'Containment'. What is the primary goal of this phase?
An auditor is reviewing the 'Incident Response Plan'. The plan includes a step for 'Containment'. What is the primary goal of this phase?
Answer options:
A.
To restore systems to normal operation.
B.
To stop the spread of the attack and prevent further damage.
C.
To determine the root cause of the attack.
D.
To punish the attacker.
How to approach this question
Containment = Stop the bleeding.
Full Answer
B.To stop the spread of the attack and prevent further damage.✓ Correct
Containment aims to limit the scope and magnitude of the incident. This might involve disconnecting a server from the network to prevent malware from spreading.
Common mistakes
Confusing Containment with Eradication (removing the threat) or Recovery (restoring service).
Practice the full CPA ISC Practice Exam 3
82 questions · hints · full answers · grading
More questions from this exam
Q01A CPA is advising a client who is migrating their legacy on-premise ERP system to a cloud-based s...MediumQ02During a review of a client's cloud governance structure, an auditor notes that the client uses a...MediumQ03An auditor is evaluating the 'Processing Integrity' principle for a financial institution's loan ...HardQ04A company uses a batch processing system to update inventory records overnight. The 'Grandfather-...HardQ05During a walkthrough of the change management process, an auditor observes that the 'Developer' r...Medium