Which of the following is the MOST beneficial outcome of testing an incident response plan?

A. Test plan results are documented
B. The plan is enhanced to reflect the findings of the test
C. Incident response time is improved
D. The response includes escalation to senior management

An information security manager is developing evidence preservation procedures for an incident response plan. Which of the following would be the BEST source of guidance for requirements associated with the procedures?

A. IT management
B. Legal counsel
C. Executive management
D. Data owners

When information security management is receiving an increased number of false positive incident reports, which of the following is MOST important to review?

A. Post-incident analysis results
B. The risk management process
C. The security awareness programs
D. Firewall logs

What is the MOST effective way to ensure information security incidents will be managed effectively and in a timely manner?

A. Establish and measure key performance indicators (KPIs)
B. Communicate incident response procedures to staff
C. Test incident response procedures regularly
D. Obtain senior management commitment

Which of the following is the BEST way to improve the timely reporting of information security incidents?

A. Perform periodic simulations with the incident response team
B. Integrate an intrusion detection system (IDS) in the DMZ
C. Incorporate security procedures in help desk processes
D. Regularly reassess and update the incident response plan

Which of the following is the MOST important reason for logging firewall activity?

A. Incident investigation
B. Auditing purposes
C. Intrusion detection
D. Firewall tuning

An organization has detected sensitive data leakage caused by an employee of a third-party contractor. What is the BEST course of action to address this issue?

A. Activate the organization’s incident response plan
B. Include security requirements in outsourcing contracts
C. Terminate the agreement with the third-party contractor
D. Limit access to the third-party contractor

Which of the following external entities would provide the BEST guidance to an organization facing advanced attacks?

A. Recognized threat intelligence communities
B. Open-source reconnaissance
C. Disaster recovery consultants widely endorsed in industry forums
D. Incident response experts from highly regarded peer organizations

Which of the following is the PRIMARY purpose of red team testing?

A. To determine the organization’s preparedness for an attack
B. To assess the vulnerability of employees to social engineering
C. To establish a baseline incident response program
D. To confirm the risk profile of the organization

Which of the following should be the PRIMARY objective of the information security incident response process?

A. Conducting incident triage
B. Classifying incidents
C. Communicating with internal and external parties
D. Minimizing negative impact to critical operations