CISM Certified Information Security Manager – Question1499

Which of the following is MOST important for effective communication during incident response?

A. Maintaining a relationship with media and law enforcement
B. Maintaining an updated contact list
C. Establishing a recovery time objective (RTO)
D. Establishing a mean time to resolve (MTTR) metric

Correct Answer: B

CISM Certified Information Security Manager – Question1497

Which of the following BEST enables a more efficient incident reporting process?

A. Training executive management for communication with external entities
B. Educating the incident response team on escalation procedures
C. Educating IT teams on compliance requirements
D. Training end users to identify abnormal events

Correct Answer: D

CISM Certified Information Security Manager – Question1496

An information security manager has been alerted to a possible incident involving a breach at one of the organization's vendors. Which of the following should be done FIRST?

A. Discontinue the relationship with the vendor.
B. Perform incident recovery.
C. Perform incident eradication.
D. Engage the incident response team.

Correct Answer: D

CISM Certified Information Security Manager – Question1495

An information security manager has discovered a potential security breach in a server that supports a critical business process. Which of the following should be the information security manager's FIRST course of action?

A. Shut down the server in an organized manner.
B. Validate that there has been an incident.
C. Inform senior management of the incident.
D. Notify the business process owner.

Correct Answer: B

CISM Certified Information Security Manager – Question1494

An organization's information security manager is performing a post-incident review of a security incident in which the following events occurred:

  • A bad actor broke into a business-critical FTP server by brute forcing an administrative password
  • The third-party service provider hosting the server sent an automated alert message to the help desk, but it was ignored
  • The bad actor could not access the administrator console, but was exposed to encrypted data transferred to the server
  • After three (3) hours, the bad actor deleted the FTP directory causing incoming FTP attempts by legitimate customers to fail

Which of the following poses the GREATEST risk to the organization related to this event?

A. Removal of data
B. Downtime of the service
C. Disclosure of stolen data
D. Potential access to the administration console

Correct Answer: B

CISM Certified Information Security Manager – Question1493

When establishing classifications of security incidents for the development of an incident response plan, which of the following provides the MOST valuable input?

A. Recommendations from senior management
B. The business continuity plan (BCP)
C. Business impact analysis (BIA) results
D. Vulnerability assessment results

Correct Answer: C

CISM Certified Information Security Manager – Question1492

An information security manager has been tasked with developing materials to update the board, regulatory agencies, and the media about a security incident. Which of the following should the information security manager do FIRST?

A. Invoke the organization's incident response plan.
B. Set up communication channels for the target audience.
C. Determine the needs and requirements of each audience.
D. Create a comprehensive singular communication.

Correct Answer: C

CISM Certified Information Security Manager – Question1490

An organization utilizes a third party to classify its customers' personally identifiable information (PII). What is the BEST way to hold the third party accountable for data leaks?

A. Include detailed documentation requirements within the formal statement of work.
B. Submit a formal request for proposal (RFP) containing detailed documentation of requirements.
C. Ensure a nondisclosure agreement is signed by both parties' senior management.
D. Require the service provider to sign off on the organization's acceptable use policy.

Correct Answer: A