InfoSec Incident Management Flashcards

1
Q

How can configuration changes occur during an investigation?

A

Use the existing change control if it is sufficiently mature.

2
Q

What is the best method for developing a cyber-incident response plan in an organization?

A

Use an industry accepted standard plan template and adapt it to reflect existing processes and technologies.

3
Q

What do you do with a computer that is the subject of a forensic investigation?

A

Place the computer in a locked storage room

4
Q

What do you do if an adversary has gained entry to a system via a compromised SSH key?

A

Revoke compromised keys and kill active processes

5
Q

Who is the best choice for the role of incident commander for a lengthy cyber security incident?

A

Incident response team members in 8 hour shifts

6
Q

What is the average amount of time an organization takes to become aware of an active security incident?

A

220 days?

7
Q

What is the purpose of threat hunting with respect to cyber-incident responses?

A

It provides early detection of cyber attacks

8
Q

If there is an attack on a public facing application, what should you do?

A

Declare a disaster and fail over to DR systems once the adversary has been constrained on primary systems.

9
Q

What should be the course of action immediately following a breach?

A

Request an after-action review to understand how to improve response procedures

10
Q

What is an AIW?

A

Acceptable Interruption Window: Maximum time period system can be down before affecting business value proposition

11
Q

What is RPO?

A

Recovery Point Objective: Earliest point in time where data recoverability is tolerable – quantifies allowable amount of data loss per interruption

12
Q

What is RTO?

A

Recovery Time Objective: Time it takes to recover a business function or resource after an interruption occurs

13
Q

What is MTO?

A

Maximum Tolerable Outage: Max amount of time the enterprise can support data processing in the alternative site

14
Q

What is SDO?

A

Service Delivery Objective: Level of services to achieve during stay at alternative site until restoration to main site is completed – relates to business processes and delivery of value proposition

15
Q

What are the primary activities in an incident?

A

Preparation, detection, triage, containment, and post-incident
