A is my answer. Testing incident response plans includes: Document Review. Walk-Through. Scenarios/Tabletops. Live-Fire. By testing these things, you get a "thoroughness of the response plan."
(B) ISACA CISM 15ed Review Manual: The main objective of testing is to ensure that executing the plans will result in the successful recovery of the infrastructure and critical business processes.
Testing should focus on:
• Identifying gaps
• Verifying assumptions
• Testing timelines
• Determining the effectiveness of strategies
• Evaluating the performance of personnel
• Determining the accuracy and currency of plan information
B. Verify the response assumptions are valid.
Testing the validity of response assumptions is crucial because it ensures that the plan is built on a solid foundation. If the assumptions are incorrect or outdated, the entire response plan may be ineffective when a real security incident occurs. Validating these assumptions helps in ensuring that the response plan is based on accurate and up-to-date information, which is essential for an effective response to security incidents.
It's a tough one. According to ISACA Review Manual "Exercises and tests should be conducted to determine whether the disaster recovery plan will function as expected... Exercises should test the validity of the plan and the assumptions on which it is based, validate recovery strategies, and ensure the plan reflects the current business impact analysis (BIA) and risk assessment data." So it can easily be A, B or D.
But, IMO, the question is asking what is the main OBJECTIVE and that's to "validate the assumptions" on which you based your plan. The main point is not to check thoroughness, it is to check whether your plan actually works and makes sense.
"Exercises and tests should be conducted to determine whether the disaster recovery plan will function as expected... Exercises should test the validity of the plan and the assumptions on which it is based, validate recovery strategies, and ensure the plan reflects the current business impact analysis (BIA) and risk assessment data." - CISM Review Manual, 15th Edition, 2019, page 181.
The MOST important objective of testing a security incident response plan is to verify that the response assumptions are valid. This means testing the plan against a variety of scenarios to ensure that the procedures are effective and will work as expected in different situations.
Answer is B because the plan can be thorough but have a lot of assumptions, and each of those assumptions needs to be validated. If they're not validated, then the incident response plan is not really fit for purpose.