Last Updated on October 26, 2022 by InfraExam
CISM : Certified Information Security Manager : Part 66
Which of the following metrics is MOST useful to demonstrate the effectiveness of an incident response plan?
- Average time to resolve an incident
- Total number of reported incidents
- Total number of incident responses
- Average time to respond to an incident
During an emergency security incident, which of the following would MOST likely predict the worst-case scenario?
- Cost-benefit analysis report
- Business impact analysis (BIA) report
- Risk assessment report
- Vulnerability assessment report
A global organization is developing an incident response team (IRT). The organization wants to keep headquarters informed of all incidents and wants to be able to present a unified response to widely dispersed events.
Which of the following IRT models BEST supports these objectives?
- Holistic IRT
- Central IRT
- Coordinating IRT
- Distributed IRT
The decision to escalate an incident should be based PRIMARILY on:
- organizational hierarchy.
- prioritization by the information security manager.
- predefined policies and procedures.
- response team experience.
Which of the following provides the MOST relevant evidence of incident response maturity?
- Red team testing results
- Average incident closure time
- Independent audit assessment
- Tabletop exercise results
What is the MOST important factor for determining prioritization of incident response?
- Service level agreements (SLAs) pertaining to the impacted systems
- The potential impact to the business
- The time to restore the impacted systems
- The availability of specialized technical staff
When developing a classification method for incidents, the categories MUST be:
- quantitatively defined.
- regularly reviewed.
- specific to situations.
- assigned to incident handlers.
Which of the following is the PRIMARY objective of an incident communication plan?
- To convey information about the incident to those affected by it
- To prevent reputational damage to the organization
- To prevent unannounced visits from the media during a crisis
- To fulfill regulatory requirements for incident response
The MAIN consideration when designing an incident escalation plan should be ensuring that:
- appropriate stakeholders are involved
- information assets are classified
- requirements cover forensic analysis
- high-impact risks have been identified
Which of the following should be the PRIMARY objective of the information security incident response process?
- Conducting incident triage
- Classifying incidents
- Communicating with internal and external parties
- Minimizing negative impact to critical operations
Which of the following is the PRIMARY purpose of red team testing?
- To determine the organization’s preparedness for an attack
- To assess the vulnerability of employees to social engineering
- To establish a baseline incident response program
- To confirm the risk profile of the organization
Which of the following external entities would provide the BEST guidance to an organization facing advanced attacks?
- Recognized threat intelligence communities
- Open-source reconnaissance
- Disaster recovery consultants widely endorsed in industry forums
- Incident response experts from highly regarded peer organizations
An organization has detected sensitive data leakage caused by an employee of a third-party contractor. What is the BEST course of action to address this issue?
- Activate the organization’s incident response plan
- Include security requirements in outsourcing contracts
- Terminate the agreement with the third-party contractor
- Limit access to the third-party contractor
Which of the following is the MOST important reason for logging firewall activity?
- Incident investigation
- Auditing purposes
- Intrusion detection
- Firewall tuning
Which of the following is the BEST way to improve the timely reporting of information security incidents?
- Perform periodic simulations with the incident response team
- Integrate an intrusion detection system (IDS) in the DMZ
- Incorporate security procedures in help desk processes
- Regularly reassess and update the incident response plan
What is the MOST effective way to ensure information security incidents will be managed effectively and in a timely manner?
- Establish and measure key performance indicators (KPIs)
- Communicate incident response procedures to staff
- Test incident response procedures regularly
- Obtain senior management commitment
When information security management is receiving an increased number of false positive incident reports, which of the following is MOST important to review?
- Post-incident analysis results
- The risk management processes
- The security awareness programs
- Firewall logs
An information security manager is developing evidence preservation procedures for an incident response plan. Which of the following would be the BEST source of guidance for requirements associated with the procedures?
- IT management
- Legal counsel
- Executive management
- Data owners
Which of the following is the MOST beneficial outcome of testing an incident response plan?
- Test plan results are documented
- The plan is enhanced to reflect the findings of the test
- Incident response time is improved
- The response includes escalation to senior management
Following a malicious security incident, an organization has decided to prosecute those responsible. Which of the following will BEST facilitate the forensic investigation?
- Performing a backup of affected systems
- Identifying the affected environment
- Maintaining chain of custody
- Determining the degree of loss