An organization has received complaints from users that some of their files have been encrypted. These users are receiving demands for money to decrypt the files. Which of the following would be the BEST course of action?
Correct Answer: A
Question 97
An organization is creating a risk mitigation plan that considers redundant power supplies to reduce the business risk associated with critical system outages. Which type of control is being considered?
Correct Answer: C
Question 98
Which of the following BEST indicates the effectiveness of a recent information security awareness campaign delivered across the organization?
Correct Answer: D
Question 99
Implementing the principle of least privilege PRIMARILY requires the identification of:
Correct Answer: A
Implementing the principle of least privilege primarily requires the identification of job duties. This principle states that users should only be given the minimum level of access necessary to perform their job duties. By identifying the specific job duties of each user, an organization can determine the minimum level of access needed, and restrict access to any unnecessary resources. This helps to minimize the potential damage that can be caused by a malicious or compromised user.
Question 100
Which of the following is the BEST way for an organization to ensure that incident response teams are properly prepared?
Correct Answer: C
The BEST way for an organization to ensure that incident response teams are properly prepared is by conducting tabletop exercises appropriate for the organization. Tabletop exercises are an effective way to test and validate an organization's incident response plan (IRP) and the readiness of the incident response team. These exercises simulate different scenarios in a controlled environment and allow the team to practice their response procedures, identify gaps, and make improvements to the plan. By conducting regular tabletop exercises, the incident response team can stay current with changes in the threat landscape and ensure that they are prepared to respond to incidents effectively. According to the Certified Information Security Manager (CISM) Study Manual, "Tabletop exercises are a valuable tool for testing and validating the effectiveness of the IRP and the readiness of the incident response team. These exercises simulate different scenarios in a controlled environment and allow the team to practice their response procedures, identify gaps, and make improvements to the plan." While providing training from third-party forensics firms, obtaining industry certifications, and documenting multiple scenarios for the organization and response steps can all be useful in preparing incident response teams, they are not as effective as conducting tabletop exercises appropriate for the organization. Reference: Certified Information Security Manager (CISM) Study Manual, 15th Edition, Page 324.
