CISM Exam Dumps | The BEST approach in managing a security incident involving a successful penetration should be to:

<< Prev Question Next Question >>

Question 49/392

The BEST approach in managing a security incident involving a successful penetration should be to:

A. allow business processes to continue during the response.

B. allow the security team to assess the attack profile.

C. permit the incident to continue to trace the source.

D. examine the incident response process for deficiencies.

Question List (392q): Question 1: Which of the following events generally has the highest info...; Question 2: Who can BEST approve plans to implement an information secur...; Question 3: A desktop computer that was involved in a computer security ...; Question 4: The FIRST step in an incident response plan is to:...; Question 5: After obtaining commitment from senior management, which of ...; Question 6: Which of the following disaster recovery testing techniques ...; Question 7: To determine how a security breach occurred on the corporate...; Question 8: Which of the following is the BEST approach for an organizat...; Question 9: Which of the following activities performed by a database ad...; Question 10: The PRIMARY objective of a risk management program is to:...; Question 11: Which of the following is the BEST approach for improving in...; Question 12: A third party was engaged to develop a business application....; Question 13: What is the GREATEST advantage of documented guidelines and ...; Question 14: When creating a forensic image of a hard drive, which of the...; Question 15: An organization has decided to implement additional security...; Question 16: A company's mail server allows anonymous file transfer proto...; Question 17: In business-critical applications, user access should be app...; Question 18: An information security manager has developed a strategy to ...; Question 19: During a post-incident review, the sequence and correlation ...; Question 20: The PRIORITY action to be taken when a server is infected wi...; Question 21: After a risk assessment, it is determined that the cost to m...; Question 22: Quantitative risk analysis is MOST appropriate when assessme...; Question 23: Which of the following measures is the MOST effective deterr...; Question 24: Which of the following is the initial step in creating a fir...; Question 25: Simple Network Management Protocol v2 (SNMP v2) is used freq...; Question 26: A serious vulnerability is reported in the firewall software...; Question 27: Which of the following is the BEST indicator that an effecti...; Question 28: As an organization grows, exceptions to information security...; Question 29: What is the MOST important success factor in launching a cor...; Question 30: Risk management programs are designed to reduce risk to:...; Question 31: Which of the following is the BEST tool to maintain the curr...; Question 32: The "separation of duties" principle is violated if which of...; Question 33: An information security manager has completed a risk assessm...; Question 34: Which of the following is the MOST effective solution for pr...; Question 35: When training an incident response team, the advantage of us...; Question 36: When a new key business application goes into production, th...; Question 37: The PRIMARY goal of a corporate risk management program is t...; Question 38: The BEST way to mitigate the risk associated with a social e...; Question 39: What is the MOS T cost-effective means of improving security...; Question 40: When electronically stored information is requested during a...; Question 41: When performing a quantitative risk analysis, which of the f...; Question 42: Which of the following actions should be taken when an infor...; Question 43: Which of the following is the BEST way to determine if an in...; Question 44: Which would be the BEST recommendation to protect against ph...; Question 45: An information security program should focus on:...; Question 46: The PRIMARY consideration when defining recovery time object...; Question 47: Who can BEST advocate the development of and ensure the succ...; Question 48: Which of the following situations would be the MOST concern ...; Question 49: The BEST approach in managing a security incident involving ...; Question 50: In addition to backup data, which of the following is the MO...; Question 51: An organization provides information to its supply chain par...; Question 52: Of the following, whose input is of GREATEST importance in t...; Question 53: Following a significant change to the underlying code of an ...; Question 54: After a risk assessment study, a bank with global operations...; Question 55: Evidence from a compromised server has to be acquired for a ...; Question 56: To ensure that payroll systems continue on in an event of a ...; Question 57: The criticality and sensitivity of information assets is det...; Question 58: When a large organization discovers that it is the subject o...; Question 59: Which of the following would help management determine the r...; Question 60: The FIRST priority when responding to a major security incid...; Question 61: An online banking institution is concerned that the breach o...; Question 62: An organization has verified that its customer information w...; Question 63: To ensure that all information security procedures are funct...; Question 64: Which of the following would be the MOST effective counterme...; Question 65: An organization has learned of a security breach at another ...; Question 66: Which of the following would be of GREATEST importance to th...; Question 67: Of the following, retention of business records should be PR...; Question 68: Which of the following types of information would the inform...; Question 69: Based on the information provided, which of the following si...; Question 70: An organization plans to allow employees to use their own de...; Question 71: Which of the following is the MOST important consideration f...; Question 72: When implementing security controls, an information security...; Question 73: Which of the following is the BEST method for ensuring that ...; Question 74: A new e-mail virus that uses an attachment disguised as a pi...; Question 75: During the restoration of several servers, a critical proces...; Question 76: Which of the following are the MOST important criteria when ...; Question 77: How would an organization know if its new information securi...; Question 78: Which of the following would BEST ensure that security risk ...; Question 79: Which of the following would be a MAJOR consideration for an...; Question 80: In performing a risk assessment on the impact of losing a se...; Question 81: An information security manager reviewed the access control ...; Question 82: A risk analysis should:; Question 83: The MOST important reason for formally documenting security ...; Question 84: When an organization is using an automated tool to manage an...; Question 85: Data owners will determine what access and authorizations us...; Question 86: Which of the following is an example of a corrective control...; Question 87: Which of the following is the MOST critical activity to ensu...; Question 88: Change management procedures to ensure that disaster recover...; Question 89: In the course of responding 10 an information security incid...; Question 90: Which of the following would be the MOST important factor to...; Question 91: When a proposed system change violates an existing security ...; Question 92: The MAIN reason why asset classification is important to a s...; Question 93: The implementation of a capacity plan would prevent:...; Question 94: An intrusion detection system (IDS) should:...; Question 95: Which of the following is the BEST method to ensure the over...; Question 96: A data-hosting organization's data center houses servers, ap...; Question 97: When contracting with an outsourcer to provide security admi...; Question 98: What task should be performed once a security incident has b...; Question 99: Which of the following is MOST important in determining whet...; Question 100: An organization to integrate information security into its h...; Question 101: A business partner of a factory has remote read-only access ...; Question 102: The PRIMARY purpose of installing an intrusion detection sys...; Question 103: Which of the following BEST ensures that security risks will...; Question 104: A root kit was used to capture detailed accounts receivable ...; Question 105: Which of the following is the BEST metric for evaluating the...; Question 106: Which of the following is the BEST approach to mitigate onli...; Question 107: Which of the following is MOST important for an information ...; Question 108: Which of the following tools is MOST appropriate for determi...; Question 109: Which of the following is the PRIMARY prerequisite to implem...; Question 110: Which of the following is the MOST important to ensure a suc...; Question 111: Which of the following is the BEST metric for evaluating the...; Question 112: When developing a tabletop test plan for incident response t...; Question 113: The BEST strategy for risk management is to:...; Question 114: Which of the following is the MOST effective type of access ...; Question 115: A mission-critical system has been identified as having an a...; Question 116: Who should determine the appropriate classification of accou...; Question 117: An organization has been experiencing a number of network-ba...; Question 118: An information security manager has been asked to develop a ...; Question 119: Ensuring that an organization can conduct security reviews w...; Question 120: Which of the following would be the MOST significant securit...; Question 121: To justify the establishment of an incident management team,...; Question 122: Which of the following is MOST critical for the successful i...; Question 123: When performing a qualitative risk analysis, which of the fo...; Question 124: Information security managers should use risk assessment tec...; Question 125: In business critical applications, where shared access to el...; Question 126: Which of the following would raise security awareness among ...; Question 127: When collecting evidence for forensic analysis, it is import...; Question 128: What mechanisms are used to identify deficiencies that would...; Question 129: Which is the BEST way to measure and prioritize aggregate ri...; Question 130: A common concern with poorly written web applications is tha...; Question 131: The root cause of a successful cross site request forgery (X...; Question 132: There is a time lag between the time when a security vulnera...; Question 133: The BEST reason for an organization to have two discrete fir...; Question 134: Which of the following is the MOST effective, positive metho...; Question 135: Which of the following groups would be in the BEST position ...; Question 136: Which of the following will BEST prevent external security a...; Question 137: Which of the following actions should be taken when an onlin...; Question 138: The impact of losing frame relay network connectivity for 18...; Question 139: Risk assessment is MOST effective when performed:...; Question 140: In designing a backup strategy that will be consistent with ...; Question 141: A semi-annual disaster recovery test has been completed. Whi...; Question 142: Which of the following recovery strategies has the GREATEST ...; Question 143: There is reason to believe that a recently modified web appl...; Question 144: Which of the following techniques MOST clearly indicates whe...; Question 145: A new port needs to be opened in a perimeter firewall. Which...; Question 146: The MOST effective use of a risk register is to:...; Question 147: Several business units reported problems with their systems ...; Question 148: Identification and prioritization of business risk enables p...; Question 149: An organization's operations staff places payment files in a...; Question 150: What is the BEST way to alleviate security team understaffin...; Question 151: The implementation of continuous monitoring controls is the ...; Question 152: An information security manager is recommending an investmen...; Question 153: An extranet server should be placed:...; Question 154: When performing an information risk analysis, an information...; Question 155: Which of the following is the BEST mechanism to determine th...; Question 156: If an organization considers taking legal action on a securi...; Question 157: Which of the following is the BEST method to reduce the numb...; Question 158: Emergency actions are taken at the early stage of a disaster...; Question 159: Which of the following is the MOST immediate consequence of ...; Question 160: One way to determine control effectiveness is by determining...; Question 161: Which of the following results from the risk assessment proc...; Question 162: A risk management program would be expected to:...; Question 163: An information security manager learns that a departmental s...; Question 164: The BEST way to facilitate the reporting and escalation of p...; Question 165: Which of the following would be the MOST appropriate physica...; Question 166: The PRIMARY focus of the change control process is to ensure...; Question 167: An organization is already certified to an international sec...; Question 168: Which of the following is the MOST important element to ensu...; Question 169: Which of the following is the MOST effective way to treat a ...; Question 170: Senior management has approved employees working off-site by...; Question 171: The MOST important objective of a post incident review is to...; Question 172: Which of the following is the MOST appropriate use of gap an...; Question 173: A major trading partner with access to the internal network ...; Question 174: A data leakage prevention (DLP) solution has identified that...; Question 175: An information security organization should PRIMARILY:...; Question 176: Which of the following has the highest priority when definin...; Question 177: Detailed business continuity plans should be based PRIMARILY...; Question 178: Which of the following is the BEST way to verify that all cr...; Question 179: Which of the following would be MOST appropriate for collect...; Question 180: Security governance is MOST associated with which of the fol...; Question 181: A newly hired information security manager reviewing an exis...; Question 182: Which of the following is the MOST appropriate method of ens...; Question 183: Which of the following are the essential ingredients of a bu...; Question 184: The configuration management plan should PRIMARILY be based ...; Question 185: A project manager is developing a developer portal and reque...; Question 186: Requiring all employees and contractors to meet personnel se...; Question 187: Which of the following should be in place before a black box...; Question 188: In assessing the degree to which an organization may be affe...; Question 189: When security policies are strictly enforced, the initial im...; Question 190: Which of the following would be MOST effective in ensuring t...; Question 191: Who is responsible for ensuring that information is classifi...; Question 192: After detecting an advanced persistent threat (APT), which o...; Question 193: A database was compromised by guessing the password for a sh...; Question 194: The decision on whether new risks should fall under periodic...; Question 195: Who is responsible for raising awareness of the need for ade...; Question 196: Which of the following defines the triggers within a busines...; Question 197: An incident response team has determined there is a need to ...; Question 198: A computer incident response team (CIRT) manual should PRIMA...; Question 199: Data owners are PRIMARILY responsible for establishing risk ...; Question 200: Which of the following is the FIRST phase in which security ...; Question 201: When the computer incident response team (CIRT) finds clear ...; Question 202: An organization is considering moving one of its critical bu...; Question 203: The BEST method for detecting and monitoring a hacker's acti...; Question 204: The MOST appropriate owner of customer data stored in a cent...; Question 205: Good information security procedures should:...; Question 206: Which of the following attacks is BEST mitigated by utilizin...; Question 207: A large organization is considering a policy that would allo...; Question 208: Which would be one of the BEST metrics an information securi...; Question 209: Which of the following would BEST assist an information secu...; Question 210: A web server in a financial institution that has been compro...; Question 211: Which two components PRIMARILY must be assessed in an effect...; Question 212: Who would be in the BEST position to determine the recovery ...; Question 213: The valuation of IT assets should be performed by:...; Question 214: Which of the following would BEST address the risk of data l...; Question 215: An organization plans to contract with an outside service pr...; Question 216: Which of the following is the MAIN reason for performing ris...; Question 217: When a significant security breach occurs, what should be re...; Question 218: The management staff of an organization that does not have a...; Question 219: During the security review of organizational servers, it was...; Question 220: Which of the following would be MOST critical to the success...; Question 221: Which of the following is MOST effective in preventing secur...; Question 222: Which resource is the MOST effective in preventing physical ...; Question 223: To address the issue that performance pressures on IT may co...; Question 224: A security risk assessment exercise should be repeated at re...; Question 225: Which of the following BEST enables the deployment of consis...; Question 226: Which of the following security activities should be impleme...; Question 227: Which of the following processes is critical for deciding pr...; Question 228: Before engaging outsourced providers, an information securit...; Question 229: To mitigate a situation where one of the programmers of an a...; Question 230: The security responsibility of data custodians in an organiz...; Question 231: Which of the following would be the BEST indicator that an o...; Question 232: Which of the following is MOST important to consider when de...; Question 233: Which of the following application systems should have the s...; Question 234: An unauthorized user gained access to a merchant's database ...; Question 235: It is MOST important for an information security manager to ...; Question 236: Which of the following roles is PRIMARILY responsible for de...; Question 237: Which of the following documents would be the BEST reference...; Question 238: An organization keeps backup tapes of its servers at a warm ...; Question 239: The PRIMARY reason for initiating a policy exception process...; Question 240: A successful risk management program should lead to:...; Question 241: Which of the following risks is represented in the risk appe...; Question 242: An incident response policy must contain:...; Question 243: Managing the life cycle of a digital certificate is a role o...; Question 244: As part of an international expansion plan, an organization ...; Question 245: An information security manager has been asked to create a s...; Question 246: Risk acceptance is a component of which of the following?...; Question 247: What should be an information security manager's FIRST cours...; Question 248: The PRIMARY reason for assigning classes of sensitivity and ...; Question 249: Why is "slack space" of value to an information security man...; Question 250: Phishing is BEST mitigated by which of the following?...; Question 251: The effectiveness of virus detection software is MOST depend...; Question 252: Which of the following BEST ensures that information transmi...; Question 253: Which of the following would BEST mitigate identified vulner...; Question 254: A customer credit card database has been breached by hackers...; Question 255: The MOST important reason to use a centralized mechanism to ...; Question 256: Which of the following is the MOST important requirement for...; Question 257: An organization with multiple data centers has designated on...; Question 258: The recovery point objective (RPO) requires which of the fol...; Question 259: In an organization, the responsibilities for IT security are...; Question 260: Which of the following steps should be performed FIRST in th...; Question 261: To determine the selection of controls required to meet busi...; Question 262: An intrusion detection system should be placed:...; Question 263: A company has a network of branch offices with local file/pr...; Question 264: A critical component of a continuous improvement program for...; Question 265: A critical device is delivered with a single user and passwo...; Question 266: Which of the following is the PRIMARY reason for implementin...; Question 267: Which of the following is a risk of cross-training?...; Question 268: When designing the technical solution for a disaster recover...; Question 269: Which program element should be implemented FIRST in asset c...; Question 270: Which of the following would represent a violation of the ch...; Question 271: An organization plans to outsource its customer relationship...; Question 272: Ongoing tracking of remediation efforts to mitigate identifi...; Question 273: Which of the following should be determined FIRST when estab...; Question 274: At the conclusion of a disaster recovery test, which of the ...; Question 275: The MOST important function of a risk management program is ...; Question 276: Which of the following is the MOST serious exposure of autom...; Question 277: An information security manager is advised by contacts in la...; Question 278: An account with full administrative privileges over a produc...; Question 279: A post-incident review should be conducted by an incident ma...; Question 280: When performing a risk assessment, the MOST important consid...; Question 281: When residual risk is minimized:...; Question 282: Who is ultimately responsible for ensuring that information ...; Question 283: When segregation of duties concerns exists between IT suppor...; Question 284: Which of the following measures would be MOST effective agai...; Question 285: An information security manager has been assigned to impleme...; Question 286: Because of its importance to the business, an organization w...; Question 287: Of the following, which is the MOST important aspect of fore...; Question 288: The PRIMARY benefit of performing an information asset class...; Question 289: Which of the following authentication methods prevents authe...; Question 290: What is the BEST technique to determine which security contr...; Question 291: Which of the following provides the BKST confirmation that t...; Question 292: Which of the following is the MOST important consideration w...; Question 293: The advantage of sending messages using steganographic techn...; Question 294: The purpose of a corrective control is to:...; Question 295: The PRIMARY purpose of performing an internal attack and pen...; Question 296: Which of the following is MOST important when deciding wheth...; Question 297: Which of the following is MOST essential for a risk manageme...; Question 298: After completing a full IT risk assessment, who can BEST dec...; Question 299: Internal audit has reported a number of information security...; Question 300: A risk assessment should be conducted:...; Question 301: Which of the following is MOST difficult to achieve in a pub...; Question 302: Which of the following reduces the potential impact of socia...; Question 303: In assessing risk, it is MOST essential to:...; Question 304: When performing a business impact analysis (BIA), which of t...; Question 305: The MOST important element in achieving executive commitment...; Question 306: Which of the following would a security manager establish to...; Question 307: Attackers who exploit cross-site scripting vulnerabilities t...; Question 308: An information security manager believes that a network file...; Question 309: An organization is entering into an agreement with a new bus...; Question 310: The decision as to whether a risk has been reduced to an acc...; Question 311: Previously accepted risk should be:...; Question 312: When developing a security architecture, which of the follow...; Question 313: An effective way of protecting applications against Structur...; Question 314: Which of the following would be MOST effective in the strate...; Question 315: In which of the following system development life cycle (SDL...; Question 316: Which of the following should be performed FIRST in the afte...; Question 317: Which of the following is the MOST important element to ensu...; Question 318: The business advantage of implementing authentication tokens...; Question 319: Which of the following BEST enables an information security ...; Question 320: When considering whether to adopt a new information security...; Question 321: What is the MOST appropriate change management procedure for...; Question 322: Which of the following steps in conducting a risk assessment...; Question 323: Which of the following actions should lake place immediately...; Question 324: An organization has to comply with recently published indust...; Question 325: Which of the following BEST ensures timely and reliable acce...; Question 326: Which of the following risks would BEST be assessed using qu...; Question 327: Which of (lie following would be the MOST relevant factor wh...; Question 328: Which of the following is MOST effective in preventing weakn...; Question 329: Isolation and containment measures for a compromised compute...; Question 330: A possible breach of an organization's IT system is reported...; Question 331: Which item would be the BEST to include in the information s...; Question 332: Which of the following is the MOST important process that an...; Question 333: The systems administrator did not immediately notify the sec...; Question 334: What is the GREATEST risk when there is an excessive number ...; Question 335: What is the MOST important element to include when developin...; Question 336: Attacks using multiple methods to spread should be classifie...; Question 337: Security monitoring mechanisms should PRIMARILY:...; Question 338: When developing security standards, which of the following w...; Question 339: After assessing and mitigating the risks of a web applicatio...; Question 340: When defining a service level agreement (SLA) regarding the ...; Question 341: Which of the following is generally considered a fundamental...; Question 342: Which of the following terms and conditions represent a sign...; Question 343: In organizations where availability is a primary concern, th...; Question 344: The PRIMARY purpose of using risk analysis within a security...; Question 345: A global financial institution has decided not to take any f...; Question 346: What is the MAIN drawback of e-mailing password-protected zi...; Question 347: Which of the following is MOST closely associated with a bus...; Question 348: Which of the following would BEST help to identify vulnerabi...; Question 349: What is the BEST way to ensure data protection upon terminat...; Question 350: An organization has a process in place that involves the use...; Question 351: What does a network vulnerability assessment intend to ident...; Question 352: Which of the following will protect the confidentiality of d...; Question 353: Which of the following devices should be placed within a DMZ...; Question 354: An organization has implemented an enterprise resource plann...; Question 355: In the course of examining a computer system for forensic ev...; Question 356: A company recently developed a breakthrough technology. Sinc...; Question 357: Which of the following is the PRIMARY advantage of having an...; Question 358: A contract bid is digitally signed and electronically mailed...; Question 359: An information security manager reviewing firewall rules wil...; Question 360: An organization that outsourced its payroll processing perfo...; Question 361: What is the BEST method for mitigating against network denia...; Question 362: Which of the following BEST describes the scope of risk anal...; Question 363: To reduce the possibility of service interruptions, an entit...; Question 364: Which of the following is the MOST usable deliverable of an ...; Question 365: A risk management approach to information protection is:...; Question 366: Which of the following is the GREATEST risk of an inadequate...; Question 367: Documented standards/procedures for the use of cryptography ...; Question 368: What is the MOST cost-effective method of identifying new ve...; Question 369: What is the PRIMARY objective of a post-event review in inci...; Question 370: The service level agreement (SLA) for an outsourced IT funct...; Question 371: Recovery point objectives (RPOs) can be used to determine wh...; Question 372: When properly tested, which of the following would MOST effe...; Question 373: Before conducting a formal risk assessment of an organizatio...; Question 374: A benefit of using a full disclosure (white box) approach as...; Question 375: An organization's information security manager has been aske...; Question 376: The business continuity policy should contain which of the f...; Question 377: Which of the following would be MOST relevant to include in ...; Question 378: The effectiveness of the information security process is red...; Question 379: Which of the following is the MAIN objective in contracting ...; Question 380: All risk management activities are PRIMARILY designed to red...; Question 381: Which of the following tasks should be performed once a disa...; Question 382: An organization has implemented an enhanced password policy ...; Question 383: Which of the following is the MOST likely outcome of a well-...; Question 384: Which of the following risks would BEST be assessed using qu...; Question 385: A business impact analysis (BIA) is the BEST tool for calcul...; Question 386: Which of the following is the MOST effective at preventing a...; Question 387: What is the FIRST action an information security manager sho...; Question 388: Which of the following vulnerabilities presents the GREATEST...; Question 389: The PRIMARY purpose of involving third-party teams for carry...; Question 390: The PRIMARY reason for involving information security at eac...; Question 391: It is important to classify and determine relative sensitivi...; Question 392: Risk assessment should be built into which of the following ...

Question 49/392

LEAVE A REPLY

Download PDF File