CISM Incident Management Response Certified Practice Exam Set 3

The priority action to take when a server has a virus is to:


Options are :

  • isolate the infected server (s) online. (Correct)
  • to ensure that the virus database files are up to date.
  • None
  • identify all potential for infection caused.
  • to set up a firewall security weaknesses.

Answer : isolate the infected server (s) online.

Which of the following measures should take place as soon as a security breach is reported to the director of information security?


Options are :

  • We will notify stakeholders
  • to isolate the incident
  • determine the impact
  • None
  • Confirm the incident (Correct)

Answer : Confirm the incident

When creating a forensic image of a hard drive, which of the following would be the first step?


Options are :

  • To establish the origin of the log of wood. (Correct)
  • Connect the hard drive write blocker.
  • None
  • To produce the contents of the hard disk encryption hash.
  • Identify recognized forensics tool creates the image.

Answer : To establish the origin of the log of wood.

When designing a technical solution for a disaster recovery site, the primary factor that must be taken into account is:


Options are :

  • the maximum tolerable outage (MTO).
  • None
  • recovery time objective (RTO).
  • Service delivery goal
  • the recovery window. (Correct)

Answer : the recovery window.


Which of the following situations would be of most concern to a security manager?


Options are :

  • None
  • The help desk has received a number of results users receive phishing e-mails
  • Login ID ended analyst systems continue to exist in the system
  • Audit logs are not taken to production servers
  • Trojan was found to be installed in a portable system administrator (Correct)

Answer : Trojan was found to be installed in a portable system administrator

A customer credit card database has been breached by hackers. The first step to deal with this attack should be:


Options are :

  • notify law enforcement.
  • to begin containment.
  • To confirm the incident. (Correct)
  • announces senior management.
  • None

Answer : To confirm the incident.

What is the first measure an information security manager should take when a company laptop is reported stolen?


Options are :

  • Removes a user account immediately
  • Update your company's notebook computer inventory
  • Ensuring reporting procedures (Correct)
  • None
  • assess the impact of data loss

Answer : Ensuring reporting procedures

Which of the following gives the BEST confirmation that the business continuity / disaster recovery plan objectives have been achieved?


Options are :

  • Recovery time objective (RTO) is not exceeded testing (Correct)
  • Objective testing of business continuity / disaster recovery plan has been consistently
  • None
  • Information assets are valued and transferred to the owners of a business continuity plan, disaster recovery plan
  • The recovery point objective (RPO) has proved inadequate in a disaster recovery plan testing

Answer : Recovery time objective (RTO) is not exceeded testing

An intrusion detection system (IDS) would be:


Options are :

  • None
  • ignore anomalies
  • This requires a stable, rarely changed environment
  • located online
  • run continuously (Correct)

Answer : run continuously

In designing a backup strategy that is consistent with the primary return transaction strategy, a factor that must be taken into account is:


Options are :

  • The recovery point objective (RPO). (Correct)
  • Interrupt window.
  • None
  • the volume of sensitive information.
  • recovery time objective (RTO).

Answer : The recovery point objective (RPO).


Which of the following recovery strategies has the greatest chance of failure?


Options are :

  • hot site
  • redundant site
  • cold site
  • reciprocal arrangement (Correct)
  • None

Answer : reciprocal arrangement

When electronically stored data is requested during a fraud investigation, which of the following would be a priority?


Options are :

  • Creating a forensically sound image
  • By placing the data and to maintain integrity (Correct)
  • Issuing storage requirement for all parties
  • The duty to obtain information
  • None

Answer : By placing the data and to maintain integrity

Which of the following is the most important thing in a criminal investigation?


Options are :

  • chain of custody (Correct)
  • None
  • the independence of the investigator
  • the identification of the author,
  • timely intervention

Answer : chain of custody

Which of the following would be most appropriate for the collection and preservation of evidence?


Options are :

  • Log correlation software
  • None
  • Generic Audit software
  • Proven forensic processes (Correct)
  • encrypted hard drives

Answer : Proven forensic processes

Recovery point objectives (RPOs) can be used to determine which of the following?


Options are :

  • Time to restore backups
  • Maximum tolerable downtime
  • None
  • the loss of the maximum tolerable period of data (Correct)
  • Basic operational elasticity

Answer : the loss of the maximum tolerable period of data

A security company director believes the file server has been hacked. Which of the following would be the first measure?


Options are :

  • Uncertain that critical server data is backed up.
  • Incident Response to start the process. (Correct)
  • Shut down the compromised server.
  • None
  • Turn off the grid.

Answer : Incident Response to start the process.


Which of the following would be an important aspect in determining the organization of its business continuity plan (BCP) and disaster recovery program (DRP)?


Options are :

  • certified systems
  • Adaptation recovery time objectives (RTOs) (Correct)
  • None
  • Set up a backup site
  • Data backup frequency

Answer : Adaptation recovery time objectives (RTOs)

While examining a computer system for forensic evidence, information on the suspect media was accidentally changed. Which of the following should have been the first step in the investigative process?


Options are :

  • Perform bit-by-bit image of the original onto a media source the new media. (Correct)
  • Make a copy of all the files that are relevant to the investigation.
  • The backup is made of the suspect media for new media.
  • None
  • Run the error-checking program to all logical drives, so that there is no disk errors.

Answer : Perform bit-by-bit image of the original onto a media source the new media.

Which of the following disaster recovery testing techniques is the most cost effective way to determine the effectiveness of the plan?


Options are :

  • Full operational tests
  • None
  • The actual malfunction
  • Preparing for the test (Correct)
  • paper tests

Answer : Preparing for the test

An unauthorized user gained access to the merchant database server and the customer's credit card information. Which of the following would be the first step to preserve and protect from unauthorized intrusion activity?


Options are :

  • Copy the database log file to a secure server.
  • To isolate the server from the network. (Correct)
  • Shut down and power on the server.
  • None
  • Many of the server hard disk immediately.

Answer : To isolate the server from the network.

The organization keeps its servers' backup tapes at a warm site. To ensure that the tapes are properly maintained and usable during a system crash, the most appropriate measure the organization should take is:


Options are :

  • Use of test equipment in a warm site the opportunity to read the tapes.
  • Overlapping equipment available hot site.
  • pick up your tapes on top of a warm welcome and test them. (Correct)
  • to inspect the plant and warehouse ribbons on a quarterly basis.
  • None

Answer : pick up your tapes on top of a warm welcome and test them.

Which of the following is most important for the organization when interacting with the media during the accident?


Options are :

  • None
  • Reporting losses and recovery strategy to the media
  • Refusing to comment until recovery
  • Referring to media authorities
  • Communicating in particular the message in the Drafts authorized person (Correct)

Answer : Communicating in particular the message in the Drafts authorized person

What role should be carried out once a security incident is confirmed?


Options are :

  • Incorporating the incident. (Correct)
  • Identify your case.
  • Determine the root cause of the incident.
  • Perform vulnerability assessment.
  • None

Answer : Incorporating the incident.

Which of the following is an example of a corrective control?


Options are :

  • None
  • By controlling the incoming traffic when responding to a denial of service (DoS) (Correct)
  • Examines the case of incoming network traffic for viruses
  • By logging incoming network traffic
  • By filtering network traffic from the outside before the internal network

Answer : By controlling the incoming traffic when responding to a denial of service (DoS)


Which of the following is the best way to determine the effectiveness of the incident response process?


Options are :

  • Action recording and analysis
  • None
  • Post a case review (Correct)
  • The periodic audit process Incident Response
  • Incident Response Indicators

Answer : Post a case review

In addition to backup data, which of the following is most important to keep offsite in the event of a disaster?


Options are :

  • Copies of business continuity plan (Correct)
  • Copies of critical and service level agreements (SLAs)
  • The key to the purchased software escrow agreements systems
  • None
  • List of emergency numbers of service providers

Answer : Copies of business continuity plan

If the organization takes legal action over a security incident, the information security manager should focus primarily on:


Options are :

  • while maintaining the integrity of the evidence. (Correct)
  • disconnect all computer equipment included.
  • reconstructed the sequence of events.
  • None
  • obtaining evidence as soon as possible.

Answer : while maintaining the integrity of the evidence.

The main goal of post-incident review is:


Options are :

  • to capture lessons learned to improve the process. (Correct)
  • None
  • to develop a process of continuous improvement.
  • to develop a business model security program budget.
  • identify new case management tools.

Answer : to capture lessons learned to improve the process.

The organization has ensured that its customer information has recently been exposed. Which of the following is the first step a security manager should take in this situation?


Options are :

  • None
  • determine the extent of the compromise. (Correct)
  • To advise the authorities.
  • Communicate with affected customers.
  • To inform senior management.

Answer : determine the extent of the compromise.

A serious vulnerability is reported in the firewall used by the organization. Which of the following would have a direct impact on the IT Security Manager?


Options are :

  • To obtain control of the firewall from (Correct)
  • To prevent the incoming traffic until a suitable solution is found in
  • None
  • Subscribe to Ground Penetration
  • Make sure that all OS patches are up to date

Answer : To obtain control of the firewall from
