CISM Certified Information Security Manager – Question1375

The PRIORITY action to be taken when a server is infected with a virus is to:

A.
isolate the infected server(s) from the network.
B. identify all potential damage caused by the infection.
C. ensure that the virus database files are current.
D. establish security weaknesses in the firewall.

Correct Answer: A

Explanation:

Explanation:
The priority in this event is to minimize the effect of the virus infection and to prevent it from spreading by removing the infected server(s) from the network. After the network is secured from further infection, the damage assessment can be performed, the virus database updated and any weaknesses sought.