Exam CISM topic 1 question 262 discussion

Actual exam question from Isaca's CISM
Question #: 262
Topic #: 1

An incident response team recently encountered an unfamiliar type of cyber event. Though the team was able to resolve the issue, it took a significant amount of time to identify. What is the BEST way to help ensure similar incidents are identified more quickly in the future?

  • A. Establish performance metrics for the team.
  • B. Perform a post-incident review.
  • C. Perform a threat analysis.
  • D. Implement a SIEM solution.
Suggested Answer: B

Comments

Broesweelies
Highly Voted 1 year, 9 months ago
Selected Answer: B
A post-incident review is an important step in the incident response process. It allows the incident response team to evaluate their response to the incident and identify any areas for improvement. By conducting a thorough analysis of the incident, including the cause, the actions taken and the outcomes, the team can identify any gaps in their knowledge or processes that led to the incident taking longer to identify. This information can then be used to improve incident response procedures and to develop new strategies for identifying similar incidents more quickly in the future.
upvoted 9 times
...
e891cd1
Most Recent 5 months, 1 week ago
B. A post-incident review can point out the gap of not having a SIEM solution.
upvoted 1 times
...
blehbleh
9 months, 2 weeks ago
Selected Answer: D
Pretty sure this is D. Trying to identify would have been easier with a SIEM solution to correlate all the event and incident data.
upvoted 1 times
blehbleh
9 months, 2 weeks ago
I am changing to B, sorry. It states this is the first time they encountered this incident. Then it asks how to identify similar incidents later. If all we care about is identifying similar incidents to an incident that had never occurred before, it would be post-incident review. This way they can gain knowledge and understand what to identify for this particular incident and identify/navigate similar ones in the future.
upvoted 3 times
...
...
richck102
1 year, 4 months ago
D. Implement a SIEM solution.
upvoted 1 times
...
DASH_v
1 year, 4 months ago
On second thought, since the team already knows the "event" but spent much time solving it, a post-incident review seems to be more helpful. So, B.
upvoted 2 times
...
DASH_v
1 year, 4 months ago
D. For sure. B is for IR process improvement, but without SIEM you will never be able to identify complex and new cyber attacks in time.
upvoted 1 times
...
MyKasala
1 year, 9 months ago
Selected Answer: D
I think D
upvoted 2 times
...