A prepared electrical contracting business should develop a written ____ that outlines communication protocols, containment steps, and procedures for restoring compromised systems from backups after a cyberattack.

An electrical contracting company discovers that its scheduling software and customer database have been locked by a cyberattack. According to the "Respond and Recover" functions of cybersecurity, which of the following is the appropriate course of action?

Your electrical contracting business is experiencing a ransomware attack that has locked your main scheduling computer. You immediately activate your written incident response plan. Match each practical action taken by your team to the corresponding component of the response plan.

To minimize business downtime during a ransomware attack, an electrical contractor's incident response plan should prioritize immediately restoring compromised systems from backups before taking steps to contain the threat.

An electrical contracting business is hit by a cyberattack that encrypts its project management files. Evaluate the scenario to determine the most effective strategy for managing the crisis. Arrange the following incident response steps in the optimal order, prioritizing threat containment before operational recovery.

As the owner of a new electrical contracting firm, you are designing a custom 'Cyber-Resiliency Blueprint' to ensure your company can Respond and Recover from a digital breach. Match each protocol component you must create to the specific business objective it is designed to achieve.

As the owner of an electrical contracting business, you are designing a 'Safe Restoration Protocol' to ensure your company can securely recover critical data after a cyberattack. Arrange the following steps to construct a logical 'Clean-Room' recovery pipeline that prevents re-infection and ensures the accuracy of your restored records.

An electrical contractor's office is hit by a ransomware attack. The team immediately restores their project files from a cloud backup (Recover) but discovers the files are re-encrypted within minutes because the infected computer was still connected to the network (Respond). Which of the following best analyzes the logical relationship between these two functions in this scenario?

An electrical contractor's office has just contained a ransomware attack that locked their scheduling and estimating files. To begin the 'Recover' phase, the owner must choose between two available backups: a cloud-synced version from 20 minutes before the attack began, and a disconnected external hard drive from two days ago.

Evaluate which recovery option is the most effective for ensuring the long-term resilience of the business.

An electrical contractor discovers that an unauthorized individual has gained access to their digital estimating software and is currently changing the material prices on several active project bids.

To apply the Respond function of their cybersecurity plan, what is the most appropriate immediate action for the contractor to take?

Which document is specifically designed to outline communication protocols, containment steps, and system restoration procedures for an electrical contracting business during a cyber incident?

If an electrical contracting business detects a cyberattack on its billing system, it must follow a specific process to handle the threat and return to work. Arrange the following actions in the correct logical order according to the Respond and Recover functions.

If your electrical company's tablets are locked by a virus, the 'Respond' function of the NIST framework is the stage where you would use your cloud backups to restore the technicians' work schedules and return to normal operations.

An electrical contractor discovers that a virus is encrypting their office files. To manage the situation, they must distinguish between actions that stop the threat and actions that return the business to normal. Match each action to its correct function and goal.

An electrical contractor performs a post-incident review and determines that while the staff successfully isolated the infected computer to prevent further damage, the business remained offline for several days because there was no plan to get the systems running again. This critique suggests that the business needs to prioritize strengthening its ____ function.

Within an electrical contracting business's incident response plan, what is the primary purpose of 'communication protocols'?

Match each cybersecurity term with its primary role in how an electrical contracting business handles a cyber incident.

Refer to the provided image of a cybersecurity framework. An electrical contractor notices suspicious activity on the office's shared network drive. To prevent a potential virus from spreading to the field technicians' tablets, the contractor immediately disconnects the main server from the internet. This 'containment' action is a practical application of the ____ function.

Based on the cybersecurity framework shown in the image, if an electrical contractor restores a $20,000 project bid from a backup without first executing 'containment' protocols, the recovery effort will likely fail because the active threat remains on the network to immediately compromise the restored data.

An electrical contracting firm discovers a cyber incident is actively affecting its office server, which holds $10,000 in project bids. To ensure the highest level of business recovery and future protection, the contractor must evaluate the priority of their actions. Based on the Respond and Recover functions, arrange the following steps in the most effective order of execution, starting with the immediate reaction to the threat.