
CISM—Certified Information Security Manager - Part 196

Mary Smith

Thu, 16 Apr 2026

1. Which of the following has the highest priority when defining an emergency response plan?

A) Critical data
B) Critical infrastructure
C) Safety of personnel
D) Vital records



2. The PRIMARY purpose of involving third-party teams for carrying out post event reviews of information security incidents is to:

A) enable independent and objective review of the root cause of the incidents.
B) obtain support for enhancing the expertise of the third-party teams.
C) identify lessons learned for further improving the information security management process.
D) obtain better buy-in for the information security program.



3. The MOST important objective of a post incident review is to:

A) capture lessons learned to improve the process.
B) develop a process for continuous improvement.
C) develop a business case for the security program budget.
D) identify new incident management tools.



4. Which of the following is the BEST mechanism to determine the effectiveness of the incident response process?

A) Incident response metrics
B) Periodic auditing of the incident response process
C) Action recording and review
D) Post incident review



5. The FIRST step in an incident response plan is to:

A) notify the appropriate individuals.
B) contain the effects of the incident to limit damage.
C) develop response strategies for systematic attacks.
D) validate the incident.



1. Right Answer: C
Explanation: The safety of the organization's personnel is the most important consideration, both under health and safety law and as a matter of principle: human safety comes first in any process or management practice. Critical data, critical infrastructure and vital records are all secondary to it.

2. Right Answer: A
Explanation: Having a third party conduct the post event review avoids the conflict of interest that arises when the information security team reviews its own handling of an incident; the primary purpose is an independent and objective review of the root cause. Building the expertise of the third-party teams is a side benefit, not the primary driver. Identifying lessons learned is the general purpose of any post event review, whoever conducts it, and so does not explain why a third party is involved. Obtaining better buy-in for the information security program is not a valid reason for involving third-party teams.

3. Right Answer: A
Explanation: The main purpose of a post incident review is to identify where the incident management process fell short and how it can be improved. A continuous improvement process may already exist and is not the objective of the review itself. A business case for the security program budget or a need for new incident management tools may emerge from the analysis, but neither is the key objective.

4. Right Answer: D
Explanation: Post incident reviews are designed to identify gaps and shortcomings in how the incident was actually handled so that the process can be improved over time. Metrics, periodic audits and action recording each provide some feedback, but none gives the same depth of insight into how the process performed against a real incident.

5. Right Answer: D
Explanation: The appropriate people do need to be notified, but the incident must first be validated so that resources are not mobilised for a false positive. Containing the effects of the incident follows validation. Response strategies for systematic attacks should already be in place before an incident occurs; they are developed during planning, not during response.
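As an added illustration of the ordering in question 5 (validate first, then notify, then contain), the Python below is example code written for this page; it is not material from ISACA or the CISM question bank. The asset inventory, log lines and alerts are constructed sample data, and the severity-based notification routing and type-based containment actions are assumptions made for the example.

```python
"""Incident response ordering: validate, then notify, then contain.

Added example, not from the CISM question bank. The inventory, log
lines and alerts are constructed; routing and containment choices are
illustrative assumptions.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed asset inventory: hostname -> owning team.
ASSET_INVENTORY = {"web-01": "platform", "db-01": "data"}

# Constructed log events an analyst would use to corroborate an alert.
SAMPLE_LOGS = [
    ("2026-04-16T10:00:05", "web-01", "auth failure for root from 203.0.113.7"),
    ("2026-04-16T10:00:09", "web-01", "auth failure for root from 203.0.113.7"),
    ("2026-04-16T10:00:14", "web-01", "new cron entry written by www-data"),
]


@dataclass
class Alert:
    host: str
    kind: str            # e.g. "malware", "brute-force"
    severity: str        # "low", "medium", "high"
    seen_at: str         # ISO-8601 timestamp of the alert
    indicator: str       # substring expected in corroborating log lines


@dataclass
class Incident:
    alert: Alert
    validated: bool = False
    actions: list = field(default_factory=list)  # ordered record of steps taken


def validate_incident(alert, logs, window=timedelta(minutes=5)):
    """Step 1: confirm the alert is real before anyone is paged.

    The alert counts as a validated incident only if it names a known asset
    and at least one independent log event containing the indicator falls
    within `window` of the alert timestamp. Returns (ok, reason)."""
    if alert.host not in ASSET_INVENTORY:
        return False, "unknown asset"
    t0 = datetime.fromisoformat(alert.seen_at)
    hits = [
        line for ts, host, line in logs
        if host == alert.host
        and alert.indicator in line
        and abs(datetime.fromisoformat(ts) - t0) <= window
    ]
    if not hits:
        return False, "no corroborating evidence"
    return True, f"{len(hits)} corroborating event(s)"


def notify(incident):
    """Step 2: route notification by severity (assumed routing table)."""
    recipients = [ASSET_INVENTORY[incident.alert.host]]
    if incident.alert.severity == "high":
        recipients += ["ciso", "legal"]
    incident.actions.append("notify:" + ",".join(recipients))


def contain(incident):
    """Step 3: choose a containment action by incident type (assumed mapping)."""
    action = {"malware": "isolate-host", "brute-force": "block-source"}.get(
        incident.alert.kind, "monitor")
    incident.actions.append("contain:" + action)


def handle_alert(alert, logs=SAMPLE_LOGS):
    """Run the plan in order. For a false positive nothing after validation
    happens; the returned Incident records exactly what was done."""
    inc = Incident(alert)
    ok, reason = validate_incident(alert, logs)
    inc.actions.append(f"validate:{'ok' if ok else 'rejected'} ({reason})")
    if not ok:
        return inc
    inc.validated = True
    notify(inc)
    contain(inc)
    return inc


if __name__ == "__main__":
    real = Alert("web-01", "brute-force", "high", "2026-04-16T10:00:00",
                 "auth failure for root")
    print(handle_alert(real).actions)
    noise = Alert("web-01", "malware", "high", "2026-04-16T11:30:00",
                  "auth failure for root")
    print(handle_alert(noise).actions)
```

The point of the structure is that `notify` and `contain` are only reachable through `handle_alert` after `validate_incident` has succeeded, so an uncorroborated alert (or one naming an asset nobody owns) produces a single "rejected" entry and never pages anyone or touches a host.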
