Following the detection of a data breach in your organization's customer database, which of the following actions represents the BEST mitigation strategy?
Restore the database from a backup and resume operations
Deploy patches to affected systems while keeping services operational
Run antivirus scans across affected network segments
Disconnect the affected database server from the network while maintaining a forensic copy
The correct answer is disconnecting the affected database server from the network while maintaining a forensic copy. This approach represents the best mitigation strategy because:
It stops the ongoing breach by isolating the affected system, preventing further unauthorized access and data exfiltration
It preserves evidence through the forensic copy, which is essential for proper investigation and determining the scope and impact of the breach
It balances the need to contain the incident with the need to enable a proper forensic investigation
The other options are less appropriate because:
Patching systems without isolation fails to stop active attackers who have already gained access
Running antivirus software alone is insufficient for addressing an active breach and may destroy valuable evidence
Immediately restoring from backup without proper investigation may reintroduce vulnerabilities, destroy evidence, and fail to address the root cause of the breach
ISC2 CISSP
Security Operations