Exam CISM topic 1 question 956 discussion

Actual exam question from Isaca's CISM
Question #: 956
Topic #: 1

Which of the following is the FIRST step when conducting a post-incident review?

  • A. Identify mitigating controls.
  • B. Assess the costs of the incident.
  • C. Perform root cause analysis.
  • D. Assign responsibility for corrective actions.
Suggested Answer: C

Comments

AlexJacobson
7 months, 2 weeks ago
Well this is weird. According to CISM Exam Prep Guide (2nd ed.), page 453, both B and C are correct and B is considered first but it's not explicitly said.
upvoted 1 times
AlexJacobson
7 months, 2 weeks ago
CISM AIO on page 501 is more concrete: "- Post-incident Review - Shortly after the incident closes, incident responders and other personnel meet to discuss the incident: its cause, impact, and the organization’s response. Discussion can range from lessons learned to possible improvements in technologies and processes to improve defense and response further."
upvoted 1 times
richck102
10 months, 3 weeks ago
Selected Answer: C
I vote... C. Perform root cause analysis.
upvoted 2 times
iacini
1 year ago
Isn't root cause essential in eradication phase?
upvoted 2 times
devilend
1 year ago
The root cause may not be defined at redaction phases, as in an incident of ransomware. Check Quiz 949.
upvoted 1 times
helg420
3 months, 4 weeks ago
I thought so too; however, after some research, it appears there is also a strategic place for RCA in the PIR phase. Here's why: During Eradication, the focus is on eliminating the threat from the affected systems and preventing its immediate spread. RCA at this stage is aimed at understanding how the threat entered and escalated within the system, to ensure complete removal. The urgency is on addressing the incident and securing the environment. During PIR, the emphasis shifts to a broader analysis and reflection. Here, RCA is revisited or expanded upon with the benefit of hindsight, more data, and a less pressured environment compared to the active incident response. This review aims to refine the incident response process, improve security postures, and ensure better preparedness for future incidents. The distinction here is not so much about when RCA is performed, as it is critical at multiple stages, but rather about the depth and breadth of analysis.
upvoted 1 times