Set 4
What should be the highest priority when designing an incident response plan?
Safety of human life
Who can best determine the severity of an incident?
The business process owner of the affected operational areas
What is the acceptability of a partial system recovery after a security incident most likely based on?
The service delivery objective
What is the maximum tolerable outage (MTO)?
The maximum tolerable outage (MTO) is the maximum period of time that an organization can operate from an alternate mode/site due to resource constraints.
What is the allowable interruption window (AIW)?
The allowable interruption window (AIW) is the maximum period of time for which normal operations of an organization can be down. After this point, the organization starts facing major financial difficulties threatening its business objectives.
What should the relationship between the MTO and AIW be?
The MTO should be equal to or higher than the AIW. Generally, the MTO should be as long as the AIW to minimize risk to the organization.
What are the most important factors for the identification of an incident?
• Security awareness training
• Well-defined communication channels
What does the triage phase provide?
Triage provides a snapshot of the current status of all incidents reported, making it possible to assign resources in accordance with criticality.
In which phase of incident management (containment, eradication, lessons learned, or recovery) is root cause analysis conducted?
Eradication
What is the primary basis on which a business continuity plan is developed?
The recovery strategy approved by senior management
What is the primary factor for determining the MTO?
The available resources to operate from an alternate site
Which data center recovery strategy has the greatest chance of failure?
Reciprocal arrangement
As an information security manager, you need to prioritize and select the processes that can be included in the business continuity plan. You should refer to:
The business impact analysis
Define recovery time objective (RTO).
The extent of acceptable system downtime
A backup strategy is primarily influenced by:
The recovery point objective (RPO)
Which type of test provides the best assurance of the effectiveness of business continuity plans (BCPs) and disaster recovery plans (DRPs)?
A full interruption test
What is the most effective method to determine whether the DRP is being kept up to date?
Regular testing of the disaster recovery plan
What is the difference between a parallel test and a simulation test?
In a parallel test, the recovery site is activated, whereas in a simulation test, the recovery site is not activated.
What is the ideal frequency for updating the virus signature files of anti-malware software?
Daily
What is the first step when initiating a forensic investigation?
Determining the process to ensure the chain of custody
What is the most important factor of forensic investigations that will potentially involve legal action?
Chain of custody
What are the basic steps for investigating a suspected hard disk or server?
1. The first action is to create a bit-by-bit image of the original media.
2. The second step is to create and compare a hash of the original media and the copied media. This will help ensure that the copy is an exact replica of the original.
3. The third step is to analyze media from the copied drive. To the extent possible, forensic analysis should not be performed on the original media as it may impact the integrity of the evidence.
What is the most effective way to reduce false positive alerts generated by security information and event management (SIEM)?
Building business use cases
What is the most important characteristic of SIEM?
It promotes compliance with security policies.
SIEM can provide information on policy compliance as well as incident monitoring and other capabilities.
What is the most effective way to reduce financial impact due to downtime caused by an incident?
Business interruption insurance