CISM Certified Information Security Manager – Question 1509

Which of the following would BEST demonstrate the maturity level of an organization's security incident response program?

A. An increase in the number of reported incidents
B. A decrease in the number of reported incidents
C. A documented and live-tested incident response process
D. Ongoing review and evaluation of the incident response team

Correct Answer: C

CISM Certified Information Security Manager – Question 1507

An organization's security was compromised by outside attackers. The organization believed that the incident was resolved. After a few days, the IT staff is still noticing unusual network traffic. Which of the following is the BEST course of action to address this situation?

A. Initiate the incident response process.
B. Identify potential incident impact.
C. Implement additional incident response monitoring tools.
D. Assess the level of the residual risk.

Correct Answer: D

CISM Certified Information Security Manager – Question 1506

The head of a department affected by a recent security incident expressed concern about not being aware of the actions taken to resolve the incident. Which of the following is the BEST way to address this issue?

A. Ensure better identification of incidents in the incident response plan.
B. Discuss the definition of roles in the incident response plan.
C. Require management approval of the incident response plan.
D. Disseminate the incident response plan throughout the organization.

Correct Answer: B

CISM Certified Information Security Manager – Question 1505

What is the PRIMARY purpose of communicating business impact to an incident response team?

A. To provide monetary values for post-incident review
B. To provide information for communication of incidents
C. To facilitate resource allocation for preventive measures
D. To enable effective prioritization of incidents

Correct Answer: D

CISM Certified Information Security Manager – Question 1504

Which of the following techniques is MOST useful when an incident response team needs to respond to external attacks on multiple corporate network devices?

A. Penetration testing of network devices
B. Vulnerability assessment of network devices
C. Endpoint baseline configuration analysis
D. Security event correlation analysis

Correct Answer: A

CISM Certified Information Security Manager – Question 1503

Which of the following is the PRIMARY goal of an incident response team during a security incident?

A. Ensure the attackers are detected and stopped
B. Minimize disruption to business-critical operations
C. Maintain a documented chain of evidence
D. Shut down the affected systems to limit the business impact

Correct Answer: B

CISM Certified Information Security Manager – Question 1502

Which of the following should be communicated FIRST to senior management once an information security incident has been contained?

A. Whether the recovery time objective was met
B. A summary of key lessons learned from the incident
C. The initial business impact of the incident
D. Details on containment activities

Correct Answer: C

CISM Certified Information Security Manager – Question 1501

An information security manager is reviewing the organization’s incident response policy affected by a proposed public cloud integration. Which of the following will be the MOST difficult to resolve with the cloud service provider?

A. Accessing information security event data
B. Regular testing of incident response plan
C. Obtaining physical hardware for forensic analysis
D. Defining incidents and notification criteria

Correct Answer: A