Last Updated on October 26, 2022 by InfraExam
CISM : Certified Information Security Manager : Part 79
Which of the following is a PRIMARY function of an incident response team?
- To provide a business impact assessment (BIA)
- To provide effective incident mitigation
- To provide a single point of contact for critical incidents
- To provide a risk assessment for zero-day vulnerabilities
Which of the following is a PRIMARY security responsibility of an information owner?
- Deciding what level of classification the information requires
- Testing information classification controls
- Maintaining the integrity of data in the information system
- Determining the controls associated with information classification
What is the PRIMARY purpose of an unannounced disaster recovery exercise?
- To evaluate how personnel react to the situation
- To provide metrics to senior management
- To estimate the recovery time objective (RTO)
- To assess service level agreements (SLAs)
When implementing a new risk assessment methodology, which of the following is the MOST important requirement?
- Risk assessments must be conducted by certified staff.
- The methodology must be approved by the chief executive officer.
- Risk assessments must be reviewed annually.
- The methodology used must be consistent across the organization.
Over the last year, an information security manager has performed risk assessments on multiple third-party vendors. Which of the following criteria would be MOST helpful in determining the associated level of risk applied to each vendor?
- Corresponding breaches associated with each vendor
- Compensating controls in place to protect information security
- Compliance requirements associated with the regulation
- Criticality of the service to the organization
An organization performed a risk analysis and found a large number of assets with low-impact vulnerabilities. The NEXT action of the information security manager should be to:
- determine appropriate countermeasures.
- transfer the risk to a third party.
- report to management.
- quantify the aggregated risk.
What is the PRIMARY goal of an incident management program?
- Minimize impact to the organization.
- Contain the incident.
- Identify root cause.
- Communicate to external entities.
An organization has determined that one of its web servers has been compromised. Which of the following actions should be taken to preserve the evidence of the intrusion for forensic analysis and potential litigation?
- Reboot the server in a secure area to search for digital evidence.
- Unplug the server from the power.
- Restrict physical and logical access to the server.
- Run analysis tools to detect the source of the intrusion.
Which of the following is the GREATEST potential exposure created by outsourcing to an application service provider?
- Denial of service attacks
- Combining incompatible duties
- Mixing of data
- Lack of technical expertise
Which of the following BEST indicates an effective vulnerability management program?
- Risks are managed within acceptable limits.
- Threats are identified accurately.
- Vulnerabilities are managed proactively.
- Vulnerabilities are reported in a timely manner.
Which of the following would contribute MOST to employees’ understanding of data handling responsibilities?
- Demonstrating support by senior management of the security program
- Requiring staff acknowledgement of security policies
- Labeling documents according to appropriate security classification
- Implementing a tailored security awareness training program
What information is MOST helpful in demonstrating to senior management how information security governance aligns with business objectives?
- Updates on information security projects in development
- Drafts of proposed policy changes
- Metrics of key information security deliverables
- A list of monitored threats, risks, and exposures
A third-party service provider has proposed a data loss prevention (DLP) solution. Which of the following MUST be in place for this solution to be relevant to the organization?
- Senior management support
- A data classification schema
- An adequate data testing environment
- A business case
Which of the following would be of GREATEST assistance in determining whether to accept residual risk of a critical security system?
- Maximum tolerable outage (MTO)
- Cost-benefit analysis of mitigating controls
- Annual loss expectancy (ALE)
- Approved annual budget
What should be the PRIMARY basis for prioritizing incident containment?
- Legal and regulatory requirements
- The recovery cost of affected assets
- The business value of affected assets
- Input from senior management
The MOST important reason to maintain metrics for incident response activities is to:
- ensure that evidence collection and preservation are standardized.
- prevent incidents from reoccurring.
- support continual process improvement.
- analyze security incident trends.
An online payment provider’s computer security incident response team has confirmed that a customer credit card database was breached. Which of the following is MOST important to include in a report to senior management?
- A summary of the security logs that illustrates the sequence of events
- An explanation of the potential business impact
- An analysis of similar attacks and recommended remediation
- A business case for implementing stronger logical access controls
The PRIMARY objective of periodically testing an incident response plan should be to:
- highlight the importance of incident response and recovery.
- harden the technical infrastructure.
- improve internal processes and procedures.
- improve employee awareness of the incident response process.
When a critical incident cannot be contained in a timely manner and the affected system needs to be taken offline, which of the following stakeholders MUST receive priority communication?
- System end-users
- System administrator
- Senior management
- Business process owner
The MOST effective way to determine the resources required by internal incident response teams is to:
- test response capabilities with event scenarios.
- determine the scope and charter of incident response.
- request guidance from incident management consultants.
- benchmark against other incident management programs.