
CISM Domain 4 Exam

Quiz
•
Specialty
•
Professional Development
•
Hard
pillowtalk 151
FREE Resource
65 questions
Show all answers
1.
MULTIPLE CHOICE QUESTION
1 min • 1 pt
Daily backups to a local device
Weekly backups to an offsite location
Monthly backups to a cloud-based storage system
Hourly backups to a redundant, offsite location
Answer explanation
Hourly backups to a redundant, offsite location. This is the best approach for managing critical data backups during the preparation phase, as it ensures that the most up-to-date data is available in the event of an incident. The other options are not ideal, as daily, weekly, and monthly backups do not provide sufficient frequency of backups, and storing backups in a single location (whether local or offsite) can create a single point of failure.
2.
MULTIPLE CHOICE QUESTION
1 min • 1 pt
Using intrusion detection software
Regularly reviewing logs and system events
Conducting vulnerability scans
Monitoring employee emails
Answer explanation
Using intrusion detection software. This is the best approach for detecting a potential incident during the identification phase, as it can detect suspicious activity and alert security personnel to investigate further. The other options are not as effective, as reviewing logs and system events, conducting vulnerability scans, and monitoring employee emails are all reactive measures that may not detect incidents until after they have occurred.
3.
MULTIPLE CHOICE QUESTION
1 min • 1 pt
Interviewing witnesses and affected parties
Examining system logs and other evidence
Conducting vulnerability scans
Restoring systems to a previous state
Answer explanation
Examining system logs and other evidence. This is the best approach for determining the scope and impact of the incident during the investigation phase, as it can help identify the root cause of the incident and determine what systems or data were affected. Interviewing witnesses and affected parties can also be helpful, but it is not as effective as examining system logs and other evidence. Conducting vulnerability scans and restoring systems to a previous state are not effective during the investigation phase, as they are reactive measures that may not provide a full understanding of the incident.
4.
MULTIPLE CHOICE QUESTION
1 min • 1 pt
Installing software patches and updates
Restoring from a recent backup
Reformatting affected systems
Resetting all user passwords
Answer explanation
Restoring from a recent backup. This is the best approach for restoring systems to normal operation during the recovery phase, as it can ensure that the systems are restored to a known good state. Installing software patches and updates is also important, but it is not sufficient on its own. Reformatting affected systems and resetting all user passwords are not necessary during the recovery phase, and may cause additional downtime and disruption.
5.
MULTIPLE CHOICE QUESTION
1 min • 1 pt
Preparation
Detection and Analysis
Containment, Eradication, and Recovery
Post-Incident Activity
Answer explanation
Detection and Analysis. In this stage, the incident is identified, categorized, and prioritized based on the initial analysis.
The other options aren't correct. Preparation is the stage where an organization prepares for potential security incidents by developing incident response plans, identifying key personnel, and implementing security controls. Containment, Eradication, and Recovery involve isolating the affected systems, removing the malware or attacker, and restoring normal operations. Post-Incident Activity involves documenting the incident, analyzing the response, and developing a plan to prevent similar incidents in the future.
6.
MULTIPLE CHOICE QUESTION
1 min • 1 pt
Preparation
Detection and Analysis
Containment, Eradication, and Recovery
Post-Incident Activity
Answer explanation
Once an incident has been identified and analyzed, the next step is to contain the incident, eradicate the malware or attacker, and recover any affected systems. The goal of this stage is to restore normal operations as quickly as possible while minimizing damage.
7.
MULTIPLE CHOICE QUESTION
1 min • 1 pt
Preparation
Detection and Analysis
Containment, Eradication, and Recovery
Post-Incident Activity
Answer explanation
Containment, Eradication, and Recovery.
After an incident has been contained, the focus shifts to eradicating the malware or attacker and recovering any affected systems. The goal of this stage is to restore normal operations as quickly as possible while minimizing damage.
Create a free account and access millions of resources
Similar Resources on Quizizz
63 questions
Aerospace/Drone Review

Quiz
•
10th Grade - Professi...
62 questions
Security+ Phase 6

Quiz
•
Professional Development
70 questions
NCCoSN CETL Exam Practice Quiz

Quiz
•
Professional Development
66 questions
WEEK 2

Quiz
•
Professional Development
60 questions
Mometrix FELE

Quiz
•
Professional Development
61 questions
social aspects of communication

Quiz
•
Professional Development
60 questions
61-1

Quiz
•
Professional Development
70 questions
Guest Control and Upselling - Part 2

Quiz
•
Professional Development
Popular Resources on Quizizz
15 questions
Multiplication Facts

Quiz
•
4th Grade
20 questions
Math Review - Grade 6

Quiz
•
6th Grade
20 questions
math review

Quiz
•
4th Grade
5 questions
capitalization in sentences

Quiz
•
5th - 8th Grade
10 questions
Juneteenth History and Significance

Interactive video
•
5th - 8th Grade
15 questions
Adding and Subtracting Fractions

Quiz
•
5th Grade
10 questions
R2H Day One Internship Expectation Review Guidelines

Quiz
•
Professional Development
12 questions
Dividing Fractions

Quiz
•
6th Grade