
CISM Domain 4 Exam

Quiz • Specialty • Professional Development • Hard
pillowtalk 151
65 questions
1.
MULTIPLE CHOICE QUESTION
1 min • 1 pt
Daily backups to a local device
Weekly backups to an offsite location
Monthly backups to a cloud-based storage system
Hourly backups to a redundant, offsite location
Answer explanation
Hourly backups to a redundant, offsite location. This is the best approach for managing critical data backups during the preparation phase, as it ensures that the most up-to-date data is available in the event of an incident. The other options are not ideal, as daily, weekly, and monthly backups do not provide sufficient frequency of backups, and storing backups in a single location (whether local or offsite) can create a single point of failure.
2.
MULTIPLE CHOICE QUESTION
1 min • 1 pt
Using intrusion detection software
Regularly reviewing logs and system events
Conducting vulnerability scans
Monitoring employee emails
Answer explanation
Using intrusion detection software. This is the best approach for detecting a potential incident during the identification phase, as it can detect suspicious activity and alert security personnel to investigate further. The other options are not as effective, as reviewing logs and system events, conducting vulnerability scans, and monitoring employee emails are all reactive measures that may not detect incidents until after they have occurred.
3.
MULTIPLE CHOICE QUESTION
1 min • 1 pt
Interviewing witnesses and affected parties
Examining system logs and other evidence
Conducting vulnerability scans
Restoring systems to a previous state
Answer explanation
Examining system logs and other evidence. This is the best approach for determining the scope and impact of the incident during the investigation phase, as it can help identify the root cause of the incident and determine what systems or data were affected. Interviewing witnesses and affected parties can also be helpful, but it is not as effective as examining system logs and other evidence. Conducting vulnerability scans and restoring systems to a previous state are not effective during the investigation phase, as they are reactive measures that may not provide a full understanding of the incident.
4.
MULTIPLE CHOICE QUESTION
1 min • 1 pt
Installing software patches and updates
Restoring from a recent backup
Reformatting affected systems
Resetting all user passwords
Answer explanation
Restoring from a recent backup. This is the best approach for restoring systems to normal operation during the recovery phase, as it can ensure that the systems are restored to a known good state. Installing software patches and updates is also important, but it is not sufficient on its own. Reformatting affected systems and resetting all user passwords are not necessary during the recovery phase, and may cause additional downtime and disruption.
5.
MULTIPLE CHOICE QUESTION
1 min • 1 pt
Preparation
Detection and Analysis
Containment, Eradication, and Recovery
Post-Incident Activity
Answer explanation
Detection and Analysis. In this stage, the incident is identified, categorized, and prioritized based on the initial analysis.
The other options aren't correct. Preparation is the stage where an organization prepares for potential security incidents by developing incident response plans, identifying key personnel, and implementing security controls. Containment, Eradication, and Recovery involve isolating the affected systems, removing the malware or attacker, and restoring normal operations. Post-Incident Activity involves documenting the incident, analyzing the response, and developing a plan to prevent similar incidents in the future.
6.
MULTIPLE CHOICE QUESTION
1 min • 1 pt
Preparation
Detection and Analysis
Containment, Eradication, and Recovery
Post-Incident Activity
Answer explanation
Once an incident has been identified and analyzed, the next step is to contain the incident, eradicate the malware or attacker, and recover any affected systems. The goal of this stage is to restore normal operations as quickly as possible while minimizing damage.
7.
MULTIPLE CHOICE QUESTION
1 min • 1 pt
Preparation
Detection and Analysis
Containment, Eradication, and Recovery
Post-Incident Activity
Answer explanation
Containment, Eradication, and Recovery.
After an incident has been contained, the focus shifts to eradicating the malware or attacker and recovering any affected systems. The goal of this stage is to restore normal operations as quickly as possible while minimizing damage.