CISM Certified Information Security Manager – Question 1352

Which of the following actions should be taken when an information security manager discovers that a hacker is footprinting the network perimeter?

A. Reboot the border router connected to the firewall
B. Check IDS logs and monitor for any active attacks
C. Update IDS software to the latest available version
D. Enable server trace logging on the DMZ segment

Correct Answer: B

Explanation:
Information security should check the intrusion detection system (IDS) logs and continue to monitor the situation. It would be inappropriate to take any action beyond that. In fact, updating the IDS could create a temporary exposure until the new version can be properly tuned. Rebooting the router and enabling server trace routing would not be warranted.