In the course of responding 10 an information security incident, the BEST way to treat evidence for possible legal action is defined by:

• A.international standards.
• B.local regulations.
• C.generally accepted best practices.
• D.organizational security policies.

Comment: *

Name: *

Email: *

Verification: *

Senior management has approved employees working off-site by using a virtual private network (VPN) connection. It is MOST important for the information security manager to periodically:

• A.perform a cost-benefit analysis
• B.perform a risk assessment
• C.review firewall configuration
• D.review the security policy

Comment: *

Name: *

Email: *

Verification: *

When designing the technical solution for a disaster recovery site, the PRIMARY factor that should be taken into consideration is the:

• A.services delivery objective.
• B.recovery time objective (RTO).
• C.recovery window.
• D.maximum tolerable outage (MTO).

Comment: *

Name: *

Email: *

Verification: *

To determine how a security breach occurred on the corporate network, a security manager looks at the logs of various devices. Which of the following BEST facilitates the correlation and review of these logs?

• A.Database server
• B.Domain name server (DNS)
• C.Time server
• D.Proxy server

Comment: *

Name: *

Email: *

Verification: *

A computer incident response team (CIRT) manual should PRIMARILY contain which of the following documents?

• A.Risk assessment results
• B.Severity criteria
• C.Emergency call tree directory
• D.Table of critical backup files

Comment: *

Name: *

Email: *

Verification: *