CISM Certified Information Security Manager – Question 1437

Which of the following is the BEST way for an organization to ensure that incident response teams are properly prepared?

A. Conducting tabletop exercises appropriate for the organization
B. Providing training from third-party forensics firms
C. Documenting multiple scenarios for the organization and response steps
D. Obtaining industry certifications for the response team

Correct Answer: A

CISM Certified Information Security Manager – Question 1436

Which of the following would be MOST helpful to reduce the amount of time needed by an incident response team to determine appropriate actions?

A. Providing annual awareness training regarding incident response for team members
B. Defining incident severity levels during a business impact analysis (BIA)
C. Validating the incident response plan against industry best practices
D. Rehearsing incident response procedures, roles, and responsibilities

Correct Answer: D

CISM Certified Information Security Manager – Question 1435

Which of the following is the MOST reliable way to ensure network security incidents are identified as soon as possible?

A. Collect and correlate IT infrastructure event logs.
B. Conduct workshops and training sessions with end users.
C. Install stateful inspection firewalls.
D. Train help desk staff to identify and prioritize security incidents.

Correct Answer: A

CISM Certified Information Security Manager – Question 1434

When establishing escalation processes for an organization’s computer security incident response team, the organization’s procedures should:

A. provide unrestricted communication channels to executive leadership to ensure direct access.
B. require events to be escalated whenever possible to ensure that management is kept informed.
C. recommend the same communication path for events to ensure consistency of communication.
D. specify step-by-step escalation paths to ensure an appropriate chain of command.

Correct Answer: D

CISM Certified Information Security Manager – Question 1433

For an organization that provides web-based services, which of the following security events would MOST likely initiate an incident response plan and be escalated to management?

A. Multiple failed login attempts on an employee’s workstation
B. Suspicious network traffic originating from the demilitarized zone (DMZ)
C. Several port scans of the web server
D. Anti-malware alerts on several employees’ workstations

Correct Answer: B