
Exam CISM topic 1 question 1026 discussion

Actual exam question from Isaca's CISM
Question #: 1026
Topic #: 1

An incident management team leader sends out a notification that the organization has successfully recovered from a cyberattack. Which of the following should be done NEXT?

  • A. Secure and preserve digital evidence for analysis.
  • B. Gather feedback on business impact.
  • C. Conduct a meeting to capture lessons learned.
  • D. Prepare an executive summary for senior management.
Suggested Answer: C 🗳️

Comments

Cyberbug2021
Highly Voted 12 months ago
Evidence should be preserved as early as possible.
upvoted 5 times
...
Booict
Most Recent 4 months ago
C - After an incident, it’s crucial to analyze what went well and what could be improved. A lessons-learned meeting helps identify areas for enhancement, update incident response procedures, and enhance overall resilience. A is important too, BUT it’s typically done during the incident response process, not immediately after recovery.
upvoted 1 times
...
d3fa4d2
7 months ago
Selected Answer: C
Option A should be done before sending the email that recovery is complete. How can you recover without finding the root cause, identifying the entry point of the malware, and blocking it from happening again?
upvoted 1 times
...
koala_lay
11 months, 1 week ago
Selected Answer: C
Conducting a meeting to capture lessons learned is the next step after a notification is sent out stating that the organization has successfully recovered from a cyberattack. This meeting will allow the incident management team to gather insights and feedback on the incident response process, identify any areas for improvement, and share best practices for future incidents. It is important to capture these lessons learned while the incident is still fresh in everyone's minds to ensure that the organization can better prepare and respond to any future cyberattacks. Once the lessons learned have been captured, the team can proceed with securing and preserving digital evidence for analysis, gathering feedback on business impact, and preparing an executive summary for senior management.
upvoted 1 times
...
Cyberbug2021
12 months ago
Selected Answer: A
The evidence is going to be needed for lessons learned and RCA
upvoted 2 times
...
richck102
1 year ago
Selected Answer: C
C. Conduct a meeting to capture lessons learned.
upvoted 4 times
SHERLOCKAWS
11 months, 2 weeks ago
Securing and preserving digital evidence for analysis (Option A) is important, but it typically occurs earlier in the incident response process. Correct answer is C.
upvoted 6 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted