Last Updated on October 26, 2022 by InfraExam
CISM : Certified Information Security Manager : Part 80
An incident was detected where customer records were altered without authorization. The GREATEST concern for forensic analysis would be that the log data:
- has been disclosed.
- could be temporarily available.
- may not be time-synchronized.
- may be modified.
Which of the following poses the GREATEST risk to the operational effectiveness of an incident response team?
- The lack of a security information and event management (SIEM) system
- The lack of automated communication channels
- The lack of delegated authority
- The lack of forensic investigation skills
Which of the following is the MAIN objective of classifying a security incident as soon as it is discovered?
- Engaging appropriate resources
- Enabling appropriate incident investigation
- Downgrading the impact of the incident
- Preserving relevant evidence
Which of the following is MOST important to help ensure an intrusion prevention system (IPS) can view all traffic in a demilitarized zone (DMZ)?
- All internal traffic is routed to the IPS.
- Connected devices can contact the IPS.
- The IPS is placed outside of the firewall.
- Traffic is decrypted before processing by the IPS.
An organization’s ability to prevent a security incident in a Software as a Service (SaaS) cloud-computing environment is MOST dependent on the:
- ability to implement a web application firewall.
- ability to monitor and analyze system logs.
- configuration and sensitivity of an intrusion detection system (IDS).
- granularity with which access rights can be configured.
Which of the following is the BEST method to protect against data exposure when a mobile device is stolen?
- Remote wipe capability
- Password protection
Which of the following is MOST helpful in protecting against hacking attempts on the production network?
- Intrusion prevention systems (IPSs)
- Network penetration testing
- Security information and event management (SIEM) tools
- Decentralized honeypot networks
An information security manager has discovered an external break-in to the corporate network. Which of the following actions should be taken FIRST?
- Switch on trace logging.
- Copy event logs to a different server.
- Isolate the affected portion of the network.
- Shut down the network.
Which of the following is MOST important for an information security manager to verify when selecting a third-party forensics provider?
- Technical capabilities of the provider
- Existence of the provider’s incident response plan
- Results of the provider’s business continuity tests
- Existence of a right-to-audit clause
An online trading company discovers that a network attack has penetrated the firewall. What should be the information security manager’s FIRST response?
- Notify the regulatory agency of the incident.
- Evaluate the impact to the business.
- Implement mitigating controls.
- Examine firewall logs to identify the attacker.