CISM Exam Dumps | The FIRST step in an incident response plan is to:

<< Prev Question Next Question >>

Question 4/392

The FIRST step in an incident response plan is to:

A. notify- the appropriate individuals.

B. contain the effects of the incident to limit damage.

C. develop response strategies for systematic attacks.

D. validate the incident.

Question List (392q): Question 1: Which of the following events generally has the highest info...; Question 2: Who can BEST approve plans to implement an information secur...; Question 3: A desktop computer that was involved in a computer security ...; Question 4: The FIRST step in an incident response plan is to:...; Question 5: After obtaining commitment from senior management, which of ...; Question 6: Which of the following disaster recovery testing techniques ...; Question 7: To determine how a security breach occurred on the corporate...; Question 8: Which of the following is the BEST approach for an organizat...; Question 9: Which of the following activities performed by a database ad...; Question 10: The PRIMARY objective of a risk management program is to:...; Question 11: Which of the following is the BEST approach for improving in...; Question 12: A third party was engaged to develop a business application....; Question 13: What is the GREATEST advantage of documented guidelines and ...; Question 14: When creating a forensic image of a hard drive, which of the...; Question 15: An organization has decided to implement additional security...; Question 16: A company's mail server allows anonymous file transfer proto...; Question 17: In business-critical applications, user access should be app...; Question 18: An information security manager has developed a strategy to ...; Question 19: During a post-incident review, the sequence and correlation ...; Question 20: The PRIORITY action to be taken when a server is infected wi...; Question 21: After a risk assessment, it is determined that the cost to m...; Question 22: Quantitative risk analysis is MOST appropriate when assessme...; Question 23: Which of the following measures is the MOST effective deterr...; Question 24: Which of the following is the initial step in creating a fir...; Question 25: Simple Network Management Protocol v2 (SNMP v2) is used freq...; Question 26: A serious vulnerability is reported in the firewall software...; Question 27: Which of the following is the BEST indicator that an effecti...; Question 28: As an organization grows, exceptions to information security...; Question 29: What is the MOST important success factor in launching a cor...; Question 30: Risk management programs are designed to reduce risk to:...; Question 31: Which of the following is the BEST tool to maintain the curr...; Question 32: The "separation of duties" principle is violated if which of...; Question 33: An information security manager has completed a risk assessm...; Question 34: Which of the following is the MOST effective solution for pr...; Question 35: When training an incident response team, the advantage of us...; Question 36: When a new key business application goes into production, th...; Question 37: The PRIMARY goal of a corporate risk management program is t...; Question 38: The BEST way to mitigate the risk associated with a social e...; Question 39: What is the MOS T cost-effective means of improving security...; Question 40: When electronically stored information is requested during a...; Question 41: When performing a quantitative risk analysis, which of the f...; Question 42: Which of the following actions should be taken when an infor...; Question 43: Which of the following is the BEST way to determine if an in...; Question 44: Which would be the BEST recommendation to protect against ph...; Question 45: An information security program should focus on:...; Question 46: The PRIMARY consideration when defining recovery time object...; Question 47: Who can BEST advocate the development of and ensure the succ...; Question 48: Which of the following situations would be the MOST concern ...; Question 49: The BEST approach in managing a security incident involving ...; Question 50: In addition to backup data, which of the following is the MO...; Question 51: An organization provides information to its supply chain par...; Question 52: Of the following, whose input is of GREATEST importance in t...; Question 53: Following a significant change to the underlying code of an ...; Question 54: After a risk assessment study, a bank with global operations...; Question 55: Evidence from a compromised server has to be acquired for a ...; Question 56: To ensure that payroll systems continue on in an event of a ...; Question 57: The criticality and sensitivity of information assets is det...; Question 58: When a large organization discovers that it is the subject o...; Question 59: Which of the following would help management determine the r...; Question 60: The FIRST priority when responding to a major security incid...; Question 61: An online banking institution is concerned that the breach o...; Question 62: An organization has verified that its customer information w...; Question 63: To ensure that all information security procedures are funct...; Question 64: Which of the following would be the MOST effective counterme...; Question 65: An organization has learned of a security breach at another ...; Question 66: Which of the following would be of GREATEST importance to th...; Question 67: Of the following, retention of business records should be PR...; Question 68: Which of the following types of information would the inform...; Question 69: Based on the information provided, which of the following si...; Question 70: An organization plans to allow employees to use their own de...; Question 71: Which of the following is the MOST important consideration f...; Question 72: When implementing security controls, an information security...; Question 73: Which of the following is the BEST method for ensuring that ...; Question 74: A new e-mail virus that uses an attachment disguised as a pi...; Question 75: During the restoration of several servers, a critical proces...; Question 76: Which of the following are the MOST important criteria when ...; Question 77: How would an organization know if its new information securi...; Question 78: Which of the following would BEST ensure that security risk ...; Question 79: Which of the following would be a MAJOR consideration for an...; Question 80: In performing a risk assessment on the impact of losing a se...; Question 81: An information security manager reviewed the access control ...; Question 82: A risk analysis should:; Question 83: The MOST important reason for formally documenting security ...; Question 84: When an organization is using an automated tool to manage an...; Question 85: Data owners will determine what access and authorizations us...; Question 86: Which of the following is an example of a corrective control...; Question 87: Which of the following is the MOST critical activity to ensu...; Question 88: Change management procedures to ensure that disaster recover...; Question 89: In the course of responding 10 an information security incid...; Question 90: Which of the following would be the MOST important factor to...; Question 91: When a proposed system change violates an existing security ...; Question 92: The MAIN reason why asset classification is important to a s...; Question 93: The implementation of a capacity plan would prevent:...; Question 94: An intrusion detection system (IDS) should:...; Question 95: Which of the following is the BEST method to ensure the over...; Question 96: A data-hosting organization's data center houses servers, ap...; Question 97: When contracting with an outsourcer to provide security admi...; Question 98: What task should be performed once a security incident has b...; Question 99: Which of the following is MOST important in determining whet...; Question 100: An organization to integrate information security into its h...; Question 101: A business partner of a factory has remote read-only access ...; Question 102: The PRIMARY purpose of installing an intrusion detection sys...; Question 103: Which of the following BEST ensures that security risks will...; Question 104: A root kit was used to capture detailed accounts receivable ...; Question 105: Which of the following is the BEST metric for evaluating the...; Question 106: Which of the following is the BEST approach to mitigate onli...; Question 107: Which of the following is MOST important for an information ...; Question 108: Which of the following tools is MOST appropriate for determi...; Question 109: Which of the following is the PRIMARY prerequisite to implem...; Question 110: Which of the following is the MOST important to ensure a suc...; Question 111: Which of the following is the BEST metric for evaluating the...; Question 112: When developing a tabletop test plan for incident response t...; Question 113: The BEST strategy for risk management is to:...; Question 114: Which of the following is the MOST effective type of access ...; Question 115: A mission-critical system has been identified as having an a...; Question 116: Who should determine the appropriate classification of accou...; Question 117: An organization has been experiencing a number of network-ba...; Question 118: An information security manager has been asked to develop a ...; Question 119: Ensuring that an organization can conduct security reviews w...; Question 120: Which of the following would be the MOST significant securit...; Question 121: To justify the establishment of an incident management team,...; Question 122: Which of the following is MOST critical for the successful i...; Question 123: When performing a qualitative risk analysis, which of the fo...; Question 124: Information security managers should use risk assessment tec...; Question 125: In business critical applications, where shared access to el...; Question 126: Which of the following would raise security awareness among ...; Question 127: When collecting evidence for forensic analysis, it is import...; Question 128: What mechanisms are used to identify deficiencies that would...; Question 129: Which is the BEST way to measure and prioritize aggregate ri...; Question 130: A common concern with poorly written web applications is tha...; Question 131: The root cause of a successful cross site request forgery (X...; Question 132: There is a time lag between the time when a security vulnera...; Question 133: The BEST reason for an organization to have two discrete fir...; Question 134: Which of the following is the MOST effective, positive metho...; Question 135: Which of the following groups would be in the BEST position ...; Question 136: Which of the following will BEST prevent external security a...; Question 137: Which of the following actions should be taken when an onlin...; Question 138: The impact of losing frame relay network connectivity for 18...; Question 139: Risk assessment is MOST effective when performed:...; Question 140: In designing a backup strategy that will be consistent with ...; Question 141: A semi-annual disaster recovery test has been completed. Whi...; Question 142: Which of the following recovery strategies has the GREATEST ...; Question 143: There is reason to believe that a recently modified web appl...; Question 144: Which of the following techniques MOST clearly indicates whe...; Question 145: A new port needs to be opened in a perimeter firewall. Which...; Question 146: The MOST effective use of a risk register is to:...; Question 147: Several business units reported problems with their systems ...; Question 148: Identification and prioritization of business risk enables p...; Question 149: An organization's operations staff places payment files in a...; Question 150: What is the BEST way to alleviate security team understaffin...; Question 151: The implementation of continuous monitoring controls is the ...; Question 152: An information security manager is recommending an investmen...; Question 153: An extranet server should be placed:...; Question 154: When performing an information risk analysis, an information...; Question 155: Which of the following is the BEST mechanism to determine th...; Question 156: If an organization considers taking legal action on a securi...; Question 157: Which of the following is the BEST method to reduce the numb...; Question 158: Emergency actions are taken at the early stage of a disaster...; Question 159: Which of the following is the MOST immediate consequence of ...; Question 160: One way to determine control effectiveness is by determining...; Question 161: Which of the following results from the risk assessment proc...; Question 162: A risk management program would be expected to:...; Question 163: An information security manager learns that a departmental s...; Question 164: The BEST way to facilitate the reporting and escalation of p...; Question 165: Which of the following would be the MOST appropriate physica...; Question 166: The PRIMARY focus of the change control process is to ensure...; Question 167: An organization is already certified to an international sec...; Question 168: Which of the following is the MOST important element to ensu...; Question 169: Which of the following is the MOST effective way to treat a ...; Question 170: Senior management has approved employees working off-site by...; Question 171: The MOST important objective of a post incident review is to...; Question 172: Which of the following is the MOST appropriate use of gap an...; Question 173: A major trading partner with access to the internal network ...; Question 174: A data leakage prevention (DLP) solution has identified that...; Question 175: An information security organization should PRIMARILY:...; Question 176: Which of the following has the highest priority when definin...; Question 177: Detailed business continuity plans should be based PRIMARILY...; Question 178: Which of the following is the BEST way to verify that all cr...; Question 179: Which of the following would be MOST appropriate for collect...; Question 180: Security governance is MOST associated with which of the fol...; Question 181: A newly hired information security manager reviewing an exis...; Question 182: Which of the following is the MOST appropriate method of ens...; Question 183: Which of the following are the essential ingredients of a bu...; Question 184: The configuration management plan should PRIMARILY be based ...; Question 185: A project manager is developing a developer portal and reque...; Question 186: Requiring all employees and contractors to meet personnel se...; Question 187: Which of the following should be in place before a black box...; Question 188: In assessing the degree to which an organization may be affe...; Question 189: When security policies are strictly enforced, the initial im...; Question 190: Which of the following would be MOST effective in ensuring t...; Question 191: Who is responsible for ensuring that information is classifi...; Question 192: After detecting an advanced persistent threat (APT), which o...; Question 193: A database was compromised by guessing the password for a sh...; Question 194: The decision on whether new risks should fall under periodic...; Question 195: Who is responsible for raising awareness of the need for ade...; Question 196: Which of the following defines the triggers within a busines...; Question 197: An incident response team has determined there is a need to ...; Question 198: A computer incident response team (CIRT) manual should PRIMA...; Question 199: Data owners are PRIMARILY responsible for establishing risk ...; Question 200: Which of the following is the FIRST phase in which security ...; Question 201: When the computer incident response team (CIRT) finds clear ...; Question 202: An organization is considering moving one of its critical bu...; Question 203: The BEST method for detecting and monitoring a hacker's acti...; Question 204: The MOST appropriate owner of customer data stored in a cent...; Question 205: Good information security procedures should:...; Question 206: Which of the following attacks is BEST mitigated by utilizin...; Question 207: A large organization is considering a policy that would allo...; Question 208: Which would be one of the BEST metrics an information securi...; Question 209: Which of the following would BEST assist an information secu...; Question 210: A web server in a financial institution that has been compro...; Question 211: Which two components PRIMARILY must be assessed in an effect...; Question 212: Who would be in the BEST position to determine the recovery ...; Question 213: The valuation of IT assets should be performed by:...; Question 214: Which of the following would BEST address the risk of data l...; Question 215: An organization plans to contract with an outside service pr...; Question 216: Which of the following is the MAIN reason for performing ris...; Question 217: When a significant security breach occurs, what should be re...; Question 218: The management staff of an organization that does not have a...; Question 219: During the security review of organizational servers, it was...; Question 220: Which of the following would be MOST critical to the success...; Question 221: Which of the following is MOST effective in preventing secur...; Question 222: Which resource is the MOST effective in preventing physical ...; Question 223: To address the issue that performance pressures on IT may co...; Question 224: A security risk assessment exercise should be repeated at re...; Question 225: Which of the following BEST enables the deployment of consis...; Question 226: Which of the following security activities should be impleme...; Question 227: Which of the following processes is critical for deciding pr...; Question 228: Before engaging outsourced providers, an information securit...; Question 229: To mitigate a situation where one of the programmers of an a...; Question 230: The security responsibility of data custodians in an organiz...; Question 231: Which of the following would be the BEST indicator that an o...; Question 232: Which of the following is MOST important to consider when de...; Question 233: Which of the following application systems should have the s...; Question 234: An unauthorized user gained access to a merchant's database ...; Question 235: It is MOST important for an information security manager to ...; Question 236: Which of the following roles is PRIMARILY responsible for de...; Question 237: Which of the following documents would be the BEST reference...; Question 238: An organization keeps backup tapes of its servers at a warm ...; Question 239: The PRIMARY reason for initiating a policy exception process...; Question 240: A successful risk management program should lead to:...; Question 241: Which of the following risks is represented in the risk appe...; Question 242: An incident response policy must contain:...; Question 243: Managing the life cycle of a digital certificate is a role o...; Question 244: As part of an international expansion plan, an organization ...; Question 245: An information security manager has been asked to create a s...; Question 246: Risk acceptance is a component of which of the following?...; Question 247: What should be an information security manager's FIRST cours...; Question 248: The PRIMARY reason for assigning classes of sensitivity and ...; Question 249: Why is "slack space" of value to an information security man...; Question 250: Phishing is BEST mitigated by which of the following?...; Question 251: The effectiveness of virus detection software is MOST depend...; Question 252: Which of the following BEST ensures that information transmi...; Question 253: Which of the following would BEST mitigate identified vulner...; Question 254: A customer credit card database has been breached by hackers...; Question 255: The MOST important reason to use a centralized mechanism to ...; Question 256: Which of the following is the MOST important requirement for...; Question 257: An organization with multiple data centers has designated on...; Question 258: The recovery point objective (RPO) requires which of the fol...; Question 259: In an organization, the responsibilities for IT security are...; Question 260: Which of the following steps should be performed FIRST in th...; Question 261: To determine the selection of controls required to meet busi...; Question 262: An intrusion detection system should be placed:...; Question 263: A company has a network of branch offices with local file/pr...; Question 264: A critical component of a continuous improvement program for...; Question 265: A critical device is delivered with a single user and passwo...; Question 266: Which of the following is the PRIMARY reason for implementin...; Question 267: Which of the following is a risk of cross-training?...; Question 268: When designing the technical solution for a disaster recover...; Question 269: Which program element should be implemented FIRST in asset c...; Question 270: Which of the following would represent a violation of the ch...; Question 271: An organization plans to outsource its customer relationship...; Question 272: Ongoing tracking of remediation efforts to mitigate identifi...; Question 273: Which of the following should be determined FIRST when estab...; Question 274: At the conclusion of a disaster recovery test, which of the ...; Question 275: The MOST important function of a risk management program is ...; Question 276: Which of the following is the MOST serious exposure of autom...; Question 277: An information security manager is advised by contacts in la...; Question 278: An account with full administrative privileges over a produc...; Question 279: A post-incident review should be conducted by an incident ma...; Question 280: When performing a risk assessment, the MOST important consid...; Question 281: When residual risk is minimized:...; Question 282: Who is ultimately responsible for ensuring that information ...; Question 283: When segregation of duties concerns exists between IT suppor...; Question 284: Which of the following measures would be MOST effective agai...; Question 285: An information security manager has been assigned to impleme...; Question 286: Because of its importance to the business, an organization w...; Question 287: Of the following, which is the MOST important aspect of fore...; Question 288: The PRIMARY benefit of performing an information asset class...; Question 289: Which of the following authentication methods prevents authe...; Question 290: What is the BEST technique to determine which security contr...; Question 291: Which of the following provides the BKST confirmation that t...; Question 292: Which of the following is the MOST important consideration w...; Question 293: The advantage of sending messages using steganographic techn...; Question 294: The purpose of a corrective control is to:...; Question 295: The PRIMARY purpose of performing an internal attack and pen...; Question 296: Which of the following is MOST important when deciding wheth...; Question 297: Which of the following is MOST essential for a risk manageme...; Question 298: After completing a full IT risk assessment, who can BEST dec...; Question 299: Internal audit has reported a number of information security...; Question 300: A risk assessment should be conducted:...; Question 301: Which of the following is MOST difficult to achieve in a pub...; Question 302: Which of the following reduces the potential impact of socia...; Question 303: In assessing risk, it is MOST essential to:...; Question 304: When performing a business impact analysis (BIA), which of t...; Question 305: The MOST important element in achieving executive commitment...; Question 306: Which of the following would a security manager establish to...; Question 307: Attackers who exploit cross-site scripting vulnerabilities t...; Question 308: An information security manager believes that a network file...; Question 309: An organization is entering into an agreement with a new bus...; Question 310: The decision as to whether a risk has been reduced to an acc...; Question 311: Previously accepted risk should be:...; Question 312: When developing a security architecture, which of the follow...; Question 313: An effective way of protecting applications against Structur...; Question 314: Which of the following would be MOST effective in the strate...; Question 315: In which of the following system development life cycle (SDL...; Question 316: Which of the following should be performed FIRST in the afte...; Question 317: Which of the following is the MOST important element to ensu...; Question 318: The business advantage of implementing authentication tokens...; Question 319: Which of the following BEST enables an information security ...; Question 320: When considering whether to adopt a new information security...; Question 321: What is the MOST appropriate change management procedure for...; Question 322: Which of the following steps in conducting a risk assessment...; Question 323: Which of the following actions should lake place immediately...; Question 324: An organization has to comply with recently published indust...; Question 325: Which of the following BEST ensures timely and reliable acce...; Question 326: Which of the following risks would BEST be assessed using qu...; Question 327: Which of (lie following would be the MOST relevant factor wh...; Question 328: Which of the following is MOST effective in preventing weakn...; Question 329: Isolation and containment measures for a compromised compute...; Question 330: A possible breach of an organization's IT system is reported...; Question 331: Which item would be the BEST to include in the information s...; Question 332: Which of the following is the MOST important process that an...; Question 333: The systems administrator did not immediately notify the sec...; Question 334: What is the GREATEST risk when there is an excessive number ...; Question 335: What is the MOST important element to include when developin...; Question 336: Attacks using multiple methods to spread should be classifie...; Question 337: Security monitoring mechanisms should PRIMARILY:...; Question 338: When developing security standards, which of the following w...; Question 339: After assessing and mitigating the risks of a web applicatio...; Question 340: When defining a service level agreement (SLA) regarding the ...; Question 341: Which of the following is generally considered a fundamental...; Question 342: Which of the following terms and conditions represent a sign...; Question 343: In organizations where availability is a primary concern, th...; Question 344: The PRIMARY purpose of using risk analysis within a security...; Question 345: A global financial institution has decided not to take any f...; Question 346: What is the MAIN drawback of e-mailing password-protected zi...; Question 347: Which of the following is MOST closely associated with a bus...; Question 348: Which of the following would BEST help to identify vulnerabi...; Question 349: What is the BEST way to ensure data protection upon terminat...; Question 350: An organization has a process in place that involves the use...; Question 351: What does a network vulnerability assessment intend to ident...; Question 352: Which of the following will protect the confidentiality of d...; Question 353: Which of the following devices should be placed within a DMZ...; Question 354: An organization has implemented an enterprise resource plann...; Question 355: In the course of examining a computer system for forensic ev...; Question 356: A company recently developed a breakthrough technology. Sinc...; Question 357: Which of the following is the PRIMARY advantage of having an...; Question 358: A contract bid is digitally signed and electronically mailed...; Question 359: An information security manager reviewing firewall rules wil...; Question 360: An organization that outsourced its payroll processing perfo...; Question 361: What is the BEST method for mitigating against network denia...; Question 362: Which of the following BEST describes the scope of risk anal...; Question 363: To reduce the possibility of service interruptions, an entit...; Question 364: Which of the following is the MOST usable deliverable of an ...; Question 365: A risk management approach to information protection is:...; Question 366: Which of the following is the GREATEST risk of an inadequate...; Question 367: Documented standards/procedures for the use of cryptography ...; Question 368: What is the MOST cost-effective method of identifying new ve...; Question 369: What is the PRIMARY objective of a post-event review in inci...; Question 370: The service level agreement (SLA) for an outsourced IT funct...; Question 371: Recovery point objectives (RPOs) can be used to determine wh...; Question 372: When properly tested, which of the following would MOST effe...; Question 373: Before conducting a formal risk assessment of an organizatio...; Question 374: A benefit of using a full disclosure (white box) approach as...; Question 375: An organization's information security manager has been aske...; Question 376: The business continuity policy should contain which of the f...; Question 377: Which of the following would be MOST relevant to include in ...; Question 378: The effectiveness of the information security process is red...; Question 379: Which of the following is the MAIN objective in contracting ...; Question 380: All risk management activities are PRIMARILY designed to red...; Question 381: Which of the following tasks should be performed once a disa...; Question 382: An organization has implemented an enhanced password policy ...; Question 383: Which of the following is the MOST likely outcome of a well-...; Question 384: Which of the following risks would BEST be assessed using qu...; Question 385: A business impact analysis (BIA) is the BEST tool for calcul...; Question 386: Which of the following is the MOST effective at preventing a...; Question 387: What is the FIRST action an information security manager sho...; Question 388: Which of the following vulnerabilities presents the GREATEST...; Question 389: The PRIMARY purpose of involving third-party teams for carry...; Question 390: The PRIMARY reason for involving information security at eac...; Question 391: It is important to classify and determine relative sensitivi...; Question 392: Risk assessment should be built into which of the following ...

Question 4/392

LEAVE A REPLY

Download PDF File