CISMβCertified Information Security Manager - Part 197
1. An organization has verified that its customer information was recently exposed. Which of the following is the FIRST step a security manager should take in this situation?
A) Inform senior management.
B) Determine the extent of the compromise.
C) Report the incident to the authorities.
D) Communicate with the affected customers.
2. A possible breach of an organization's IT system is reported by the project manager. What is the FIRST thing the incident response manager should do?
A) Run a port scan on the system
B) Disable the logon ID
C) Investigate the system logs
D) Validate the incident
3. The PRIMARY consideration when defining recovery time objectives (RTOs) for information assets is:
A) regulatory' requirements.
B) business requirements.
C) financial value.
D) IT resource availability.
4. What task should be performed once a security incident has been verified?
A) Identify the incident.
B) Contain the incident.
C) Determine the root cause of the incident.
D) Perform a vulnerability assessment.
5. An information security manager believes that a network file server was compromised by a hacker. Which of the following should be the FIRST action taken?
A) Unsure that critical data on the server are backed up.
B) Shut down the compromised server.
C) Initiate the incident response process.
D) Shut down the network.
A) Inform senior management.
B) Determine the extent of the compromise.
C) Report the incident to the authorities.
D) Communicate with the affected customers.
2. A possible breach of an organization's IT system is reported by the project manager. What is the FIRST thing the incident response manager should do?
A) Run a port scan on the system
B) Disable the logon ID
C) Investigate the system logs
D) Validate the incident
3. The PRIMARY consideration when defining recovery time objectives (RTOs) for information assets is:
A) regulatory' requirements.
B) business requirements.
C) financial value.
D) IT resource availability.
4. What task should be performed once a security incident has been verified?
A) Identify the incident.
B) Contain the incident.
C) Determine the root cause of the incident.
D) Perform a vulnerability assessment.
5. An information security manager believes that a network file server was compromised by a hacker. Which of the following should be the FIRST action taken?
A) Unsure that critical data on the server are backed up.
B) Shut down the compromised server.
C) Initiate the incident response process.
D) Shut down the network.
1. Right Answer: B
Explanation: Before reporting to senior management, affected customers or the authorities, the extent of the exposure needs to be assessed.
2. Right Answer: D
Explanation: When investigating a possible incident, it should first be validated. Running a port scan on the system, disabling the logon IDs and investigating the system logs may be required based on preliminary forensic investigation, but doing so as a first step may destroy the evidence.
3. Right Answer: B
Explanation: The criticality to business should always drive the decision. Regulatory requirements could be more flexible than business needs. The financial value of an asset could not correspond to its business value. While a consideration, IT resource availability is not a primary factor.
4. Right Answer: B
Explanation: Identifying the incident means verifying whether an incident has occurred and finding out more details about the incident. Once an incident has been confirmed(identified), the incident management team should limit further exposure. Determining the root cause takes place after the incident has been contained. Performing a vulnerability assessment takes place after the root cause of an incident has been determined, in order to find new vulnerabilities.
5. Right Answer: C
Explanation: The incident response process will determine the appropriate course of action. If the data have been corrupted by a hacker, the backup may also be corrupted.Shutting down the server is likely to destroy any forensic evidence that may exist and may be required by the investigation. Shutting down the network is a drastic action, especially if the hacker is no longer active on the network.
Explanation: Before reporting to senior management, affected customers or the authorities, the extent of the exposure needs to be assessed.
2. Right Answer: D
Explanation: When investigating a possible incident, it should first be validated. Running a port scan on the system, disabling the logon IDs and investigating the system logs may be required based on preliminary forensic investigation, but doing so as a first step may destroy the evidence.
3. Right Answer: B
Explanation: The criticality to business should always drive the decision. Regulatory requirements could be more flexible than business needs. The financial value of an asset could not correspond to its business value. While a consideration, IT resource availability is not a primary factor.
4. Right Answer: B
Explanation: Identifying the incident means verifying whether an incident has occurred and finding out more details about the incident. Once an incident has been confirmed(identified), the incident management team should limit further exposure. Determining the root cause takes place after the incident has been contained. Performing a vulnerability assessment takes place after the root cause of an incident has been determined, in order to find new vulnerabilities.
5. Right Answer: C
Explanation: The incident response process will determine the appropriate course of action. If the data have been corrupted by a hacker, the backup may also be corrupted.Shutting down the server is likely to destroy any forensic evidence that may exist and may be required by the investigation. Shutting down the network is a drastic action, especially if the hacker is no longer active on the network.
Comments
0
CA Foundation Business Economics Questions 2023 - Part 32
03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 31
03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 30
03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 29
03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 28
03 Mar 2023
