CISM Incident Management Response Certified Practice Exam
The FIRST priority when responding to a major security incident is:
Which of the following is the MOST important to ensure a successful recovery?
Backup media is stored offsite
Recovery location is secure and accessible
More than one hot site is available
Network alternate links are regularly tested
Which of the following is the MOST important element to ensure the success of a disaster recovery test at a vendor-provided hot site?
Tests are scheduled on weekends
Network IP addresses are predefined
Equipment at the hot site is identical
Business management actively participates
At the conclusion of a disaster recovery test, which of the following should ALWAYS be performed prior to leaving the vendor’s hot site facility?
Erase data and software from devices
Conduct a meeting to evaluate the test
Complete an assessment of the hot site provider
Evaluate the results from all test scripts
An incident response policy must contain:
updated call trees.
press release templates.
critical backup files inventory.
The BEST approach in managing a security incident involving a successful penetration should be to:
allow business processes to continue during the response.
allow the security team to assess the attack profile.
permit the incident to continue to trace the source.
examine the incident response process for deficiencies.