CISM : Certified Information Security Manager : Part 66
-
Which of the following metrics is MOST useful to demonstrate the effectiveness of an incident response plan?
- Average time to resolve an incident
- Total number of reported incidents
- Total number of incident responses
- Average time to respond to an incident
-
During an emergency security incident, which of the following would MOST likely predict the worst-case scenario?
- Cost-benefit analysis report
- Business impact analysis (BIA) report
- Risk assessment report
- Vulnerability assessment report
-
A global organization is developing an incident response team (IRT). The organization wants to keep headquarters informed of all incidents and wants to be able to present a unified response to widely dispersed events.
Which of the following IRT models BEST supports these objectives?
- Holistic IRT
- Central IRT
- Coordinating IRT
- Distributed IRT
-
The decision to escalate an incident should be based PRIMARILY on:
- organizational hierarchy.
- prioritization by the information security manager.
- predefined policies and procedures.
- response team experience.
-
Which of the following provides the MOST relevant evidence of incident response maturity?
- Red team testing results
- Average incident closure time
- Independent audit assessment
- Tabletop exercise results
-
What is the MOST important factor for determining prioritization of incident response?
- Service level agreements (SLAs) pertaining to the impacted systems
- The potential impact to the business
- The time to restore the impacted systems
- The availability of specialized technical staff
-
When developing a classification method for incidents, the categories MUST be:
- quantitatively defined.
- regularly reviewed.
- specific to situations.
- assigned to incident handlers.
-
Which of the following is the PRIMARY objective of an incident communication plan?
- To convey information about the incident to those affected by it
- To prevent reputational damage to the organization
- To prevent unannounced visits from the media during a crisis
- To fulfill regulatory requirements for incident response
-
The MAIN consideration when designing an incident escalation plan should be ensuring that:
- appropriate stakeholders are involved.
- information assets are classified.
- requirements cover forensic analysis.
- high-impact risks have been identified.
-
Which of the following should be the PRIMARY objective of the information security incident response process?
- Conducting incident triage
- Classifying incidents
- Communicating with internal and external parties
- Minimizing negative impact to critical operations
-
Which of the following is the PRIMARY purpose of red team testing?
- To determine the organization’s preparedness for an attack
- To assess the vulnerability of employees to social engineering
- To establish a baseline incident response program
- To confirm the risk profile of the organization
-
Which of the following external entities would provide the BEST guidance to an organization facing advanced attacks?
- Recognized threat intelligence communities
- Open-source reconnaissance
- Disaster recovery consultants widely endorsed in industry forums
- Incident response experts from highly regarded peer organizations
-
An organization has detected sensitive data leakage caused by an employee of a third-party contractor. What is the BEST course of action to address this issue?
- Activate the organization’s incident response plan
- Include security requirements in outsourcing contracts
- Terminate the agreement with the third-party contractor
- Limit access to the third-party contractor
-
Which of the following is the MOST important reason for logging firewall activity?
- Incident investigation
- Auditing purposes
- Intrusion detection
- Firewall tuning
-
Which of the following is the BEST way to improve the timely reporting of information security incidents?
- Perform periodic simulations with the incident response team
- Integrate an intrusion detection system (IDS) in the DMZ
- Incorporate security procedures in help desk processes
- Regularly reassess and update the incident response plan
-
What is the MOST effective way to ensure information security incidents will be managed effectively and in a timely manner?
- Establish and measure key performance indicators (KPIs)
- Communicate incident response procedures to staff
- Test incident response procedures regularly
- Obtain senior management commitment
-
When information security management is receiving an increased number of false positive incident reports, which of the following is MOST important to review?
- Post-incident analysis results
- The risk management processes
- The security awareness programs
- Firewall logs
-
An information security manager is developing evidence preservation procedures for an incident response plan. Which of the following would be the BEST source of guidance for requirements associated with the procedures?
- IT management
- Legal counsel
- Executive management
- Data owners
-
Which of the following is the MOST beneficial outcome of testing an incident response plan?
- Test plan results are documented
- The plan is enhanced to reflect the findings of the test
- Incident response time is improved
- The response includes escalation to senior management
-
Following a malicious security incident, an organization has decided to prosecute those responsible. Which of the following will BEST facilitate the forensic investigation?
- Performing a backup of affected systems
- Identifying the affected environment
- Maintaining chain of custody
- Determining the degree of loss