ExamGecko
Search Search Login
Home Home / Isaca / CISM
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of the following BEST facilitates the effective execution of an incident response plan?
Which of the following BEST enables an incident response team to determine appropriate actions during an initial investigation?
When remote access to confidential information is granted to a vendor for analytic purposes, which of the following is the MOST important security consideration?
Which of the following BEST demonstrates that an anti-phishing campaign is effective?
What should a global information security manager do FIRST when informed that a new regulation with significant impact will go into effect soon?
Which of the following is the BEST approach to incident response for an organization migrating to a cloud-based solution?
What should an information security manager verify FIRST when reviewing an information asset management program?
Several months after the installation of a new firewall with intrusion prevention features to block malicious activity, a breach was discovered that came in through the firewall shortly after installation. This breach could have been detected earlier by implementing firewall:
When properly implemented, secure transmission protocols protect transactions:
Which of the following is the BEST approach when creating a security policy for a global organization subject to varying laws and regulations?

Question 36 - CISM discussion

Report
Export

Which of the following Is MOST useful to an information security manager when conducting a post-incident review of an attack?

A.
Cost of the attack to the organization
Answers
A.
Cost of the attack to the organization
B.
Location of the attacker
Answers
B.
Location of the attacker
C.
Method of operation used by the attacker
Answers
C.
Method of operation used by the attacker
D.
Details from intrusion detection system (IDS) logs
Answers
D.
Details from intrusion detection system (IDS) logs
Suggested answer: C

Explanation:

= The method of operation used by the attacker is the most useful information for an information security manager when conducting a post-incident review of an attack. This information can help identify the root cause of the incident, the vulnerabilities exploited, the impact and severity of the attack, and the effectiveness of the existing security controls. The method of operation can also provide insights into the attacker's motives, skills, and resources, which can help improve the organization's threat intelligence and risk assessment. The cost of the attack to the organization, the location of the attacker, and the details from IDS logs are all relevant information for a post-incident review, but they are not as useful as the method of operation for improving the incident handling process and preventing future attacks.Reference=CISM Review Manual 2022, page 316;CISM Item Development Guide 2022, page 9;ISACA CISM: PRIMARY goal of a post-incident review should be to?

Show Answer
asked 01/10/2024
Hydir Sherbini
26 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms