CISM Certified Information Security Manager – Question1344

When a large organization discovers that it is the subject of a network probe, which of the following actions should be taken?

A.
Reboot the router connecting the DMZ to the firewall
B. Power down all servers located on the DMZ segment
C. Monitor the probe and isolate the affected segment
D. Enable server trace logging on the affected segment

Correct Answer: C

Explanation:

Explanation: In the case of a probe, the situation should be monitored and the affected network segment isolated. Rebooting the router, powering down the demilitarized zone (DMZ) servers and enabling server trace routing are not warranted.