1. An organization experienced a data breach and followed its incident response plan. Later it was discovered that the plan was incomplete, omitting a requirement to report the incident to the relevant authorities. In addition to establishing an updated incident response plan, which of the following would be MOST helpful in preventing a similar occurrence?
A) Attached reporting forms as an addendum to the incident response plan B) Management approval of the incident reporting process C) Ongoing evaluation of the incident response plan. D) Assignment of responsibility for communications.
2. An audit has determined that employee use of personal mobile devices to access the company email system is resulting in confidential data leakage. The information security manager's FIRST course of action should be to:
A) treat the situation as a security incident to determine appropriate response B) implement a data leakage prevention tool to stem further loss. C) isolate the mobile devices on the network for further investigation. D) treat the situation as a new risk and update the security risk register.
3. Which of the following is the MOST important criterion for complete closure of a security incident?
A) Level of potential impact B) Root-cause analysis and lessons learned C) Isolation and protection of affected resources D) Reporting to senior management
4. An incident response team has determined there is a need to isolate a system that is communicating with a known malicious host on the Internet.Which of the following stakeholders should be contacted FIRST?
A) Executive management B) System administrator C) Key customers D) The business owner
5. Which of the following is the MOST effective way to detect information security incidents?
A) Providing regular and up-to-date training for the incident response team B) Establishing proper policies for response to threats and vulnerabilities C) Performing regular testing of the incident response program D) Educating and users on threat awareness and timely reporting
Leave a comment