
Isaca CISA Exam - Topic 2 Question 107 Discussion

Actual exam question for Isaca's CISA exam
Question #: 107
Topic #: 2

A data breach has occurred due to malware. Which of the following should be the FIRST course of action?

Suggested Answer: C

The first course of action when a data breach has occurred due to malware is to quarantine the impacted systems. This means isolating the infected systems from the rest of the network and preventing any further communication or data transfer with them. This can help contain the spread of the malware, limit the damage and exposure of sensitive data, and facilitate the investigation and remediation of the incident. Quarantining the impacted systems can also help preserve the evidence and logs that may be needed for forensic analysis or legal action.


[1] provides a guide on how to respond to a data breach caused by malware and recommends quarantining the impacted systems as the first step.

[2] explains what malware is and how it can cause data breaches, and suggests quarantining the infected devices as a best practice.

[3] describes the steps involved in quarantining a system infected by malware and the benefits of doing so.

Contribute your Thoughts:

Fallon
10 hours ago
Agree with shutting down systems, safety first!
upvoted 0 times
...
Glenna
6 days ago
Surprised that notifying customers isn't the first step!
upvoted 0 times
...
Ulysses
11 days ago
Shut it down, then notify the insurance company. Gotta cover your assets, am I right?
upvoted 0 times
...
Denny
16 days ago
D) Notify customers of the breach. They have a right to know what's going on.
upvoted 0 times
...
Stanton
21 days ago
C) Quarantine the impacted systems. Gotta isolate the problem before anything else.
upvoted 0 times
...
Tula
26 days ago
I practiced a similar question, and I think shutting down the affected systems is crucial, but I could be mixing it up with another scenario.
upvoted 0 times
...
Shawnee
1 month ago
I feel like notifying the cyber insurance company might come later, but I can't recall if it should be done right away.
upvoted 0 times
...
Eun
1 month ago
I remember a practice question where shutting down systems was emphasized as a priority, but I wonder if that's the best move here.
upvoted 0 times
...
Melda
1 month ago
I think the first step should be to quarantine the impacted systems to prevent further damage, but I'm not entirely sure.
upvoted 0 times
...
Youlanda
2 months ago
Based on my experience, I'd go with shutting down the systems first. That stops the bleeding and gives us time to investigate further.
upvoted 0 times
...
Maryanne
2 months ago
I think notifying the customers is the most important first step. They need to know their data may have been compromised.
upvoted 0 times
...
Tonja
2 months ago
Quarantining the impacted systems seems like the safest bet to me. That way we can isolate the problem and prevent it from spreading.
upvoted 0 times
...
Justine
2 months ago
I think C) Quarantine is better to contain the issue.
upvoted 0 times
...
Della
2 months ago
Definitely B) Shut down the affected systems first.
upvoted 0 times
...
Francene
2 months ago
B) Shut down the affected systems. That's the quickest way to contain the breach.
upvoted 0 times
...
Maurine
3 months ago
Shut it down, then quarantine it. Can't have that malware spreading like wildfire!
upvoted 0 times
...
Antonio
3 months ago
Quarantining makes sense too, but we need to stop the spread.
upvoted 0 times
...
Peggie
3 months ago
I'm a bit confused - should we notify the insurance company or the customers first? I'm not sure of the right order of steps.
upvoted 0 times
...
Annett
3 months ago
Hmm, this is a tricky one. I'd say shutting down the affected systems would be the first priority to contain the breach.
upvoted 0 times
...
