CISM Practice C Topic 5 Flashcards
Which of the following should be determined FIRST when establishing a business continuity program?
Incremental daily cost of the unavailability of systems
A desktop computer that was involved in a computer security incident should be secured as evidence by:
disconnecting the computer from all power sources.
A company has a network of branch offices with local file/print and mail servers; each branch individually contracts a hot site. Which of the following would be the GREATEST weakness in recovery capability?
The provider services all major companies in the area
Which of the following actions should be taken when an online trading company discovers a network attack in progress?
Isolate the affected network segment
The BEST method for detecting and monitoring a hacker’s activities without exposing information assets to unnecessary risk is to utilize:
decoy files.
The FIRST priority when responding to a major security incident is:
containment.
Which of the following is the MOST important to ensure a successful recovery?
Backup media is stored offsite
Which of the following is the MOST important element to ensure the success of a disaster recovery test at a vendor-provided hot site?
Business management actively participates
At the conclusion of a disaster recovery test, which of the following should ALWAYS be performed prior to leaving the vendor’s hot site facility?
Erase data and software from devices
An incident response policy must contain:
escalation criteria.
The BEST approach in managing a security incident involving a successful penetration should be to:
allow business processes to continue during the response.
A post-incident review should be conducted by an incident management team to determine:
lessons learned.
An organization with multiple data centers has designated one of its own facilities as the recovery site. The MOST important concern is the:
current processing capacity loads at data centers.
Which of the following is MOST important in determining whether a disaster recovery test is successful?
Critical business processes are duplicated
Which of the following is MOST important when deciding whether to build an alternate facility or subscribe to a third-party hot site?
Infrastructure complexity and system sensitivity
A new e-mail virus that uses an attachment disguised as a picture file is spreading rapidly over the Internet. Which of the following should be performed FIRST in response to this threat?
Block all e-mails containing picture file attachments
When a large organization discovers that it is the subject of a network probe, which of the following actions should be taken?
Monitor the probe and isolate the affected segment
Which of the following terms and conditions represent a significant deficiency if included in a commercial hot site contract?
All equipment is provided “at time of disaster, not on floor”
Which of the following should be performed FIRST in the aftermath of a denial-of-service attack?
Conduct an assessment to determine system status
Which of the following is the MOST important element to ensure the successful recovery of a business during a disaster?
Detailed technical recovery plans are maintained offsite
The business continuity policy should contain which of the following?
Recovery criteria
The PRIMARY purpose of installing an intrusion detection system (IDS) is to identify:
potential attacks on the internal network.
When an organization is using an automated tool to manage and house its business continuity plans, which of the following is the PRIMARY concern?
Ensuring accessibility should a disaster occur
Which of the following is the BEST way to verify that all critical production servers are utilizing up-to-date virus signature files?
Check a sample of servers that the signature files are current
Which of the following actions should be taken when an information security manager discovers that a hacker is footprinting the network perimeter?
Check IDS logs and monitor for any active attacks
Which of the following are the MOST important criteria when selecting virus protection software?
Ease of maintenance and frequency of updates
Which of the following is the MOST serious exposure of automatically updating virus signature files on every desktop each Friday at 11:00 p.m. (23:00 hrs.)?
Systems are vulnerable to new viruses during the intervening week
When performing a business impact analysis (BIA), which of the following should calculate the recovery time and cost estimates?
Business process owners
Which of the following is MOST closely associated with a business continuity program?
Developing recovery time objectives (RTOs) for critical functions
Which of the following application systems should have the shortest recovery time objective (RTO)?
E-commerce web site
A computer incident response team (CIRT) manual should PRIMARILY contain which of the following documents?
Severity criteria
The PRIMARY purpose of performing an internal attack and penetration test as part of an incident response program is to identify:
weaknesses in network and server security.
Which of the following would represent a violation of the chain of custody when a backup tape has been identified as evidence in a fraud investigation?
kept in the tape library pending further analysis.
When properly tested, which of the following would MOST effectively support an information security manager in handling a security breach?
Incident response plan