Test Questions

Question 1

Which phase of the 6 phase IR model must be followed to determine whether a security incident has occured?

Answer 1

Identification

Question 2

!st activity for determining the adequacy of the IRP?

Answer 2

Checklist Review

Question 3

Process to undertake if it is determined that the time to communicate an incident and the response time for acting on the incident is too long

Answer 3

GAP analysis - investigates the diff between current IR capabilities and desired incident response capability

Question 4

What protects a org after a internal breach of proprietary data

Answer 4

NDA

Question 5

Info security govern is derived in part from corp governance

Answer 5

True. Info Sec Governance is a subset of corp governance.

Question 6

What does info sec governance provide

Answer 6

Strategic directions and supports the orgs business goals

Question 7

Before risk can be prioritized, what must be done?

Answer 7

Perform a BIA

Question 8

Which risk assessment model organizes risk into a binary tree

Answer 8

FAIR (Factor Analysis on Info Risk. uses binary tree as logical framework for evaluating risk

Question 9

How is risk evaluted in the FAIR assessment model?

Answer 9

2 areas- Loss event frequency and probable loss magnitude

Question 10

What is ISO 27005

Answer 10

Framework for assessing risk- Uses elements of Cobit 5

Question 11

What is the Probalislistic Risk Assessment model (PRA)

Answer 11

A systematic methodology that analyzes risk according to three basic questions - 1. What can go wrong 2. How likely is it? 3 What are the consequences?

Question 12

What members of the IRT are responsible for ensuring criminal attackers are prosecued?

Answer 12

Legal, Steering group, Info sec manager

Question 13

What does a info sec manager responsible for?

Answer 13

developing and mantaining IR capabilities, managing risk and incidents and performing proactive and reactive measures

Question 14

What is a steering group responsible for?

Answer 14

Incident management and response concept, approving charter, approving exceptions/ deviations, and final decisionss

Question 15

What does incident response manager do?

Answer 15

Supervise tasks related to response, coordinates resources to complete tasks, take responsibility of the incident response plan execution and presents incident response report and lessons learned.

Question 16

What does IT security specialist do?

Answer 16

performs complex IR tasks and IT security assessment/ audit

Question 17

What should be done after determining threat level has cahnged

Answer 17

Begin Change Mangement Process- document all details, approve, implement, and test

Question 18

How to establish a process to protect an orgs assets

Answer 18

1 Bsuiness Impact Analysis 2. Return on Scurity Investment 3. Perform a risk analysis

Question 19

What is a ROSI

Answer 19

Return on security investment. Determine how much saved by the investment in mitigation methods

Question 20

What is a risk analysis

Answer 20

Estimates the liklihood of a loss

Question 21

Most important factor to ensure an IRP will handle security incidents successfully and effectively?

Answer 21

Test all aspects of the plan

Question 22

Valid method for assessing employees cysec training and awareness?

Answer 22

Phishing tests

Question 23

What is the 1st ste in the process of developing an info sec program?

Answer 23

Determine desired outcome for security

Question 24

Example of KPI for determining the performance of the info sec controls and policies

Answer 24

The number of incidents resolved per year within 2 minutes of occurrence

Question 25

WHat concept describes determining the disparity between exisitng controls in a systm and the control objectives

Answer 25

Performing a gap analysis

Question 26

What is Zachman framework

Answer 26

2 dimensional framework that enables analysis of org to be communicated in ways that are appropriate for each group. Analysis of the org can be presented to differnet groups in diff ways according to responsiblities

Question 27

What is SABSA

Answer 27

Sherwood APplied Buss Security Architecture- An enterpise security architecture framework that is risk driven

Question 28

What is TOGAF

Answer 28

The Open Group Arhitecture Framework - Framework that iteratively monitors and updates individual requirements

Question 29

What is NIST 800-53

Answer 29

It is a control framework

Question 30

How should an Org ensure legal, regulatory, and org requirements are followed during or after a sec incident

Answer 30

Incorporate the legal framework into the IRP

Question 31

What is the ultimate purpose of various metrics in the info sec program?

Answer 31

Decision making support

Question 32

Role responsible to developing the sec monitoring process and metrics to determine effectiveness of info sec process in protecting an org info assets

Answer 32

Info Sec manager

Question 33

WHat is CIO responsible for?

Answer 33

IT Planning, budgeting, and performance

Question 34

What are individual buss owners responsible for?

Answer 34

Assigning proper security controls

Question 35

Who should be contacted to escalate a response?

Answer 35

Whoever is listed in the incident response plan

Question 36

What is the most important reason for establishing and maintaing info sec policies?

Answer 36

Support the business goals of the org

Question 37

What entity is responsible for overseeing all security projects to ensure they align with the info sec strategy?

Answer 37

Steering committee

Question 38

What is the best desciption of security controls?

Answer 38

Security controls include any means of managing risk

Question 39

Who is responsible for contacting law enforcement?

Answer 39

Senior Management

Question 40

Which group is responsible for helping to achieve consensus on priorities and trade-offs with regards to security considerations

Answer 40

Steering committee