
Isaca CISM Exam - Topic 7 Question 35 Discussion

Actual exam question for Isaca's CISM exam
Question #: 35
Topic #: 7

An information security team has identified traffic from a device to a known malicious IP. Which of the following should be the team's FIRST course of action to address this issue?

Suggested Answer: D

Aja
4 months ago
Re-imaging sounds extreme for just traffic to a malicious IP.
upvoted 0 times
...
Dyan
4 months ago
Wait, is turning off the device really the best move?
upvoted 0 times
...
Leoma
4 months ago
Definitely agree with disconnecting it!
upvoted 0 times
...
Evan
4 months ago
I think running anti-malware first makes more sense.
upvoted 0 times
...
Launa
5 months ago
Disconnect the device from the network ASAP!
upvoted 0 times
...
Na
5 months ago
I feel like re-imaging the device is too drastic as a first step. We should assess the situation before taking such action.
upvoted 0 times
...
Harris
5 months ago
I'm torn between turning off the device and running anti-malware. I feel like both could be valid, but I lean towards disconnecting first.
upvoted 0 times
...
Cassie
5 months ago
I remember a practice question where we had to prioritize actions, and disconnecting seemed like the safest option.
upvoted 0 times
...
Novella
5 months ago
I think the first step should be to disconnect the device from the network to prevent further damage, but I'm not entirely sure.
upvoted 0 times
...
Adelaide
5 months ago
Okay, the key information is that the village is located on an island. I'll eliminate the options that don't mention an island and go from there.
upvoted 0 times
...
Deandrea
5 months ago
Hmm, this is a bit tricky with all the different user permissions required. I'll need to be really careful to get the chown, chmod, and setfacl commands right. And I'll have to make sure I create the new user bob with the correct UID.
upvoted 0 times
...
Corazon
5 months ago
I think the key here is to focus on the ACLs. The question is asking what action resolves the issue, so it's probably something to do with the firewall rules. I'd start by looking at the outbound ACL and see if I need to allow the 10.66.46.0/23 subnet or DNS traffic.
upvoted 0 times
...
Maryann
5 months ago
I've got a good feeling about this one. JMS and JCA are the two Java EE technologies that are designed for integrating with external systems, so those are the obvious choices. I'm confident those are the right answers.
upvoted 0 times
...
Kristel
5 months ago
I think the best approach here is to look at the correlations between the variables and only keep the ones that are not highly correlated. That way we can reduce the dimensionality without losing too much information.
upvoted 0 times
...
Tracey
5 months ago
Hmm, this seems like a tricky one. I'll need to think through the NETCONF operations carefully to figure out which one is specific to session notifications.
upvoted 0 times
...
