CISM Certified Information Security Manager – Question 1519

An organization was forced to pay a ransom to regain access to a critical database that had been encrypted in a ransomware attack. What would have BEST prevented the need to make this ransom payment?

A. Storing backups on a segregated network
B. Training employees on ransomware
C. Ensuring all changes are approved
D. Verifying the firewall is configured properly

Correct Answer: A

CISM Certified Information Security Manager – Question 1518

What should be an information security manager's FIRST course of action upon learning of a security threat that has occurred in the industry for the first time?

A. Update the relevant information security policy.
B. Perform a control gap analysis of the organization's environment.
C. Revise the organization's incident response plan.
D. Examine responses of victims that have been exposed to similar threats.

Correct Answer: B

CISM Certified Information Security Manager – Question 1516

What should an information security manager do FIRST when a service provider that stores the organization's confidential customer data experiences a breach in its data center?

A. Engage an audit of the provider's data center.
B. Recommend canceling the outsourcing contract.
C. Apply remediation actions to counteract the breach.
D. Determine the impact of the breach.

Correct Answer: D

CISM Certified Information Security Manager – Question 1515

Which of the following should be the FIRST step of incident response procedures?

A. Classify the event depending on severity and type.
B. Identify if there is a need for additional technical assistance.
C. Perform a risk assessment to determine the business impact.
D. Evaluate the cause of the control failure.

Correct Answer: C

CISM Certified Information Security Manager – Question 1514

Which of the following is the BEST way to prevent recurrence of a security incident?

A. Review and update security policy on a regular basis
B. Management support and approval of the incident response plan
C. An appropriate investigation into the root cause with corrective measures applied
D. An expanded and more effective monitoring and detection process for incidents

Correct Answer: C

CISM Certified Information Security Manager – Question 1513

An information security manager is preparing an incident response plan. Which of the following is the MOST important consideration when responding to an incident involving sensitive customer data?

A. The assignment of a forensics team
B. The ability to recover from the incident in a timely manner
C. The ability to obtain incident information in a timely manner
D. Following defined post-incident review procedures

Correct Answer: D

CISM Certified Information Security Manager – Question 1512

What should be an information security manager's PRIMARY objective in the event of a security incident?

A. Contain the threat and restore operations in a timely manner.
B. Ensure that normal operations are not disrupted.
C. Identify the source of the breach and how it was perpetrated.
D. Identify lapses in operational control effectiveness.

Correct Answer: A

CISM Certified Information Security Manager – Question 1511

The PRIMARY reason for implementing scenario-based training for incident response is to:

A. help incident response team members understand their assigned roles.
B. verify threats and vulnerabilities faced by the incident response team.
C. ensure staff knows where to report in the event evacuation is required.
D. assess the timeliness of the incident team response and remediation.

Correct Answer: D