An IT security engineer notices that the company's web server is currently being hacked. What should the engineer do next?
Determine the origin of the attack and launch a counterattack
Perform a system restart on the company's web server
A security engineer is not a forensics investigator.
Unplug the network connection on the company's web server.
WRONG: I didn't write this question but the answer is wrong. The first step in that case is to contain the incident by unplugging the network connection. ***Added: I also concur with the previous statement, because as a CISSP the best practice is to mitigate the issue and not investigate. A security engineer is not a forensics investigator. (Changing answer to "unplug the network connection on the company's web server" from "record as much information as possible from the attack.")
Mitigation or investigation could be correct, depending on the circumstances. Changing the disputed answer ("record as much information as possible from the attack.") to a clearly wrong one ("record as much information as possible from the attack.")
EDIT: From ISC2 Official Study Guide, Seventh Edition, Page 822: "The first actions you take should be dedicated to limiting the exposure of your organization and preventing further damage. In the case of a potentially compromised system, you should disconnect it from the network to prevent intruders from accessing the compromised system and also to prevent the compromised system from affecting other resources on the network."