CISM Information Security Incident Management

Question 1

What is the FIRST step in the incident response lifecycle according to best practices?

Accepted Answer

Preparation

Answer

Containment

Answer

Eradication

Answer

Recovery

Question 2

During a security incident, who is PRIMARILY responsible for declaring an incident a 'major incident'?

Accepted Answer

A designated incident manager or crisis management team

Answer

The system administrator who detected the anomaly

Answer

The external auditor assigned to the organization

Answer

The help desk technician who received the initial report

Question 3

Which of the following is the PRIMARY purpose of containment in incident response?

Accepted Answer

To limit the scope and impact of an ongoing incident

Answer

To permanently remove the root cause of the incident

Answer

To restore affected systems to normal operation

Answer

To document lessons learned from the incident

Question 4

A CISM is reviewing an incident response plan (IRP). Which element is MOST critical to include?

Accepted Answer

Defined escalation procedures and communication chains

Answer

A list of all security software licenses

Answer

Detailed technical specifications for all security tools

Answer

Annual training completion records for all staff

Question 5

After an incident is resolved, which activity is MOST important to improve future response?

Accepted Answer

Conducting a post-incident review (lessons learned)

Answer

Immediately patching all systems in the environment

Answer

Resetting all user passwords organization-wide

Answer

Replacing all affected hardware immediately

Question 6

Which of the following BEST describes the purpose of an incident response retainer with a third-party firm?

Accepted Answer

To ensure pre-negotiated access to expert resources during a crisis

Answer

To outsource all internal security operations permanently

Answer

To replace the need for an internal incident response plan

Answer

To satisfy cyber insurance policy requirements only