Question: Once an intrusion into your organizations information system has been detected, which of the following actions should be performed first?
A. Eliminate all means of intruder access
B. Contain the intrusion
C. Determine to what extent systems and data are compromised
D. Communicate with relevant parties

Download pdf (with explanations) edition of this exam.