Isaca CISA Exam - Topic 2 Question 107 Discussion

Actual exam question for Isaca's CISA exam

Question #: 107
Topic #: 2

[All CISA Questions]

A data breach has occurred due lo malware. Which of the following should be the FIRST course of action?

ANotify the cyber insurance company.

BShut down the affected systems.

CQuarantine the impacted systems.

DNotify customers of the breach.

Show Suggested Answer

Suggested Answer: C

The first course of action when a data breach has occurred due to malware is to quarantine the impacted systems. This means isolating the infected systems from the rest of the network and preventing any further communication or data transfer with them. This can help contain the spread of the malware, limit the damage and exposure of sensitive data, and facilitate the investigation and remediation of the incident. Quarantining the impacted systems can also help preserve the evidence and logs that may be needed for forensic analysis or legal action.

[1] provides a guide on how to respond to a data breach caused by malware and recommends quarantining the impacted systems as the first step.

[2] explains what is malware and how it can cause data breaches, and suggests quarantining the infected devices as a best practice.

[3] describes the steps involved in quarantining a system infected by malware and the benefits of doing so.

by Youlanda at Nov 19, 2025, 02:04 PM

Limited Time Offer

25%

Off

Get Premium CISA Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Patria

1 day ago

Quarantine first, then assess the damage before notifying anyone.

upvoted 0 times

...

Myra

6 days ago

I agree, shutting down is the best immediate action to prevent further damage.

upvoted 0 times

...

Page

11 days ago

Customers should be informed, but only after we secure the systems.

upvoted 0 times

...

Dylan

17 days ago

Notifying the insurance company can wait. Focus on containment first.

upvoted 0 times

...

Marsha

22 days ago

I think shutting down the affected systems is crucial first.

upvoted 0 times

...

Edna

27 days ago

Not sure why anyone would choose A) as the first action.

upvoted 0 times

...

Fallon

2 months ago

Agree with shutting down systems, safety first!

upvoted 0 times

...

Glenna

2 months ago

Surprised that notifying customers isn't the first step!

upvoted 0 times

...

Ulysses

2 months ago

Shut it down, then notify the insurance company. Gotta cover your assets, am I right?

upvoted 0 times

...

Denny

2 months ago

D) Notify customers of the breach. They have a right to know what's going on.

upvoted 0 times

...

Stanton

2 months ago

C) Quarantine the impacted systems. Gotta isolate the problem before anything else.

upvoted 0 times

...

Tula

2 months ago

I practiced a similar question, and I think shutting down the affected systems is crucial, but I could be mixing it up with another scenario.

upvoted 0 times

...

Shawnee

3 months ago

I feel like notifying the cyber insurance company might come later, but I can't recall if it should be done right away.

upvoted 0 times

...

Eun

3 months ago

I remember a practice question where shutting down systems was emphasized as a priority, but I wonder if that's the best move here.

upvoted 0 times

...

Melda

3 months ago

I think the first step should be to quarantine the impacted systems to prevent further damage, but I'm not entirely sure.

upvoted 0 times

...

Youlanda

3 months ago

Based on my experience, I'd go with shutting down the systems first. That stops the bleeding and gives us time to investigate further.

upvoted 0 times

...

Maryanne

3 months ago

I think notifying the customers is the most important first step. They need to know their data may have been compromised.

upvoted 0 times

...

Tonja

3 months ago

Quarantining the impacted systems seems like the safest bet to me. That way we can isolate the problem and prevent it from spreading.

upvoted 0 times

...

Justine

4 months ago

I think C) Quarantine is better to contain the issue.

upvoted 0 times

...

Della

4 months ago

Definitely B) Shut down the affected systems first.

upvoted 0 times

...

Francene

4 months ago

B) Shut down the affected systems. That's the quickest way to contain the breach.

upvoted 0 times

...

Maurine

4 months ago

Shut it down, then quarantine it. Can't have that malware spreading like wildfire!

upvoted 0 times

...

Antonio

4 months ago

Quarantining makes sense too, but we need to stop the spread.

upvoted 0 times

...

Peggie

5 months ago

I'm a bit confused - should we notify the insurance company or the customers first? I'm not sure of the right order of steps.

upvoted 0 times

...

Annett

5 months ago

Hmm, this is a tricky one. I'd say shutting down the affected systems would be the first priority to contain the breach.

upvoted 0 times

...