ExamGecko
Search Search Login
Home Home / IAPP / CIPM
Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Your marketing team wants to know why they need a check box for their SMS opt-in. You explain it is part of the consumer's right to?
In a sample metric template, what does ''target'' mean?
An online retailer detects an incident involving customer shopping history but no keys have been compromised. The Privacy Offce is most concerned when it also involves?
Under the General Data Protection Regulation (GDPR), what are the obligations of a processor that engages a sub-processor?
Under the GDPR. when the applicable lawful basis for the processing of personal data is a legal obligation with which the controller must comply. which right can the data subject exercise?
Under the General Data Protection Regulation (GDPR), what must be included in a written agreement between the controller and processor in relation to processing conducted on the controller's behalf?
When a data breach incident has occurred. the first priority is to determine?
Your company provides a SaaS tool for B2B services and does not interact with individual consumers. A client's current employee reaches out with a right to delete request. what is the most appropriate response?
A systems audit uncovered a shared drive folder containing sensitive employee data with no access controls and therefore was available for all employees to view. What is the first step to mitigate further risks?
You would like to better understand how your organization can demonstrate compliance with international privacy standards and identify gaps for remediation. What steps could you take to achieve this objective?

Question 17 - CIPM discussion

Report
Export

SCENARIO

Please use the following to answer the next QUESTION:

Ben works in the IT department of IgNight, Inc., a company that designs lighting solutions for its clients. Although IgNight's customer base consists primarily of offices in the US, some individuals have been so impressed by the unique aesthetic and energy-saving design of the light fixtures that they have requested

IgNight's installations in their homes across the globe.

One Sunday morning, while using his work laptop to purchase tickets for an upcoming music festival, Ben happens to notice some unusual user activity on company files. From a cursory review, all the data still appears to be where it is meant to be but he can't shake off the feeling that something is not right. He knows that it is a possibility that this could be a colleague performing unscheduled maintenance, but he recalls an email from his company's security team reminding employees to be on alert for attacks from a known group of malicious actors specifically targeting the industry.

Ben is a diligent employee and wants to make sure that he protects the company but he does not want to bother his hard-working colleagues on the weekend. He is going to discuss the matter with this manager first thing in the morning but wants to be prepared so he can demonstrate his knowledge in this area and plead his case for a promotion.

To determine the steps to follow, what would be the most appropriate internal guide for Ben to review?

A.

Incident Response Plan.

Answers
A.

Incident Response Plan.

B.

Code of Business Conduct.

Answers
B.

Code of Business Conduct.

C.

IT Systems and Operations Handbook.

Answers
C.

IT Systems and Operations Handbook.

D.

Business Continuity and Disaster Recovery Plan.

Answers
D.

Business Continuity and Disaster Recovery Plan.

Suggested answer: A

Explanation:

The most appropriate internal guide for Ben to review is the Incident Response Plan. An Incident Response Plan is a document that outlines how an organization will respond to a security incident, such as a data breach, a cyberattack, or a malware infection. An Incident Response Plan typically includes:

The roles and responsibilities of the incident response team and other stakeholders

The procedures and protocols for detecting, containing, analyzing, and resolving incidents

The communication and escalation channels for reporting and notifying incidents

The tools and resources for conducting incident response activities

The criteria and methods for evaluating and improving the incident response process

An Incident Response Plan helps an organization prepare for and deal with security incidents in an effective and efficient manner. It also helps an organization minimize the impact and damage of security incidents, comply with legal and regulatory obligations, and restore normal operations as soon as possible.

The other options are not as relevant or useful as the Incident Response Plan for Ben's situation. The Code of Business Conduct is a document that defines the ethical standards and expectations for the organization's employees and stakeholders. It may include some general principles or policies related to security, but it does not provide specific guidance on how to handle security incidents. The IT Systems and Operations Handbook is a document that describes the technical aspects and functions of the organization's IT systems and infrastructure. It may include some information on security controls and configurations, but it does not provide detailed instructions on how to perform incident response tasks. The Business Continuity and Disaster Recovery Plan is a document that outlines how an organization will continue its critical functions and operations in the event of a disruption or disaster, such as a natural disaster, a power outage, or a fire. It may include some measures to protect or recover data and systems, but it does not focus on security incidents or threats.Reference:What Is an Incident Response Plan for IT?;Incident Response Plan (IRP) Basics

Show Answer
asked 22/11/2024
Mohamed Mohamed
48 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms