ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question

While reviewing SIEM dashboards, you notice your cloud-hosted API server generated a critical alert from the network IDS indicating data exfiltration over an unusual port. Following a formally documented incident response process, what action should you take immediately after the IDS alert is received?

  • Disable the triggering IDS rule to stop additional alerts until further notice.

  • Alert customers and the media about a confirmed breach to maintain transparency and comply with disclosure requirements.

  • Correlate the IDS event with host and application logs to verify the alert and assess the scope of the suspected incident.

  • Immediately wipe and redeploy the affected server from a known-good image to eradicate the potential compromise.

ISC2 Certified Secure Software Lifecycle Professional (CSSLP)
Secure Software Deployment, Operations, Maintenance