CISM Certified Information Security Manager – Question1298

Following a successful and well-publicized hacking incident, an organization has plans to improve application security. Which of the following is a security project risk?

A. Critical evidence may be lost.
B. The reputation of the organization may be damaged.
C. A trapdoor may have been installed in the application.
D. Resources may not be available to support the implementation.

Correct Answer: D

CISM Certified Information Security Manager – Question1297

When developing an incident response plan, which of the following is the MOST effective way to ensure incidents common to the organization are handled properly?

A. Adopting industry standard response procedures
B. Rehearsing response scenarios
C. Conducting awareness training
D. Creating and distributing a personnel call tree

Correct Answer: A

CISM Certified Information Security Manager – Question1293

Which of the following service offerings in a typical Infrastructure as a Service (IaaS) model will BEST enable a cloud service provider to assist customers when recovering from a security incident?

A. Availability of current infrastructure documentation
B. Capability to take a snapshot of virtual machines
C. Availability of web application firewall logs
D. Capability of online virtual machine analysis

Correct Answer: B

CISM Certified Information Security Manager – Question1291

Which of the following provides the BEST indication that the information security program is in alignment with enterprise requirements?

A. The security strategy is benchmarked with similar organizations.
B. The information security manager reports to the chief executive officer.
C. Security strategy objectives are defined in business terms.
D. An IT governance committee is in place.

Correct Answer: C

CISM Certified Information Security Manager – Question1290

When a business-critical web server is compromised, the IT security department should FIRST:

A. archive the logs as evidence.
B. attempt to repair any damage in order to keep the server running.
C. notify the legal department and/or regulatory officials as required.
D. advise management of the incident.

Correct Answer: D