1. After a security incident has been contained, which of the following should be done FIRST?

• A. Conduct forensic analysis
• B. Notify local authorities
• C. Restore the affected system from backup
• D. Perform a complete wipe of the affected system

2. What should be an information security manager's PRIMARY objective in the event of a security incident?

• A. Contain the threat and restore operations in a timely manner.
• B. Ensure that normal operations are not disrupted.
• C. Identify the source of the breach and how it was perpetrated.
• D. Identify lapses in operational control effectiveness.

3. An information security manager is preparing an incident response plan. Which of the following is the MOST important consideration when responding to an incident involving sensitive customer data?

• A. The assignment of a forensics team
• B. The ability to recover from the incident in a timely manner
• C. The ability to obtain incident information in a timely manner
• D. Following defined post-incident review procedures

4.

Which of the following should be the FIRST step of incident response procedures?

• A. Classify the event depending on severity and type.
• B. Identify if there is a need for additional technical assistance.
• C. Perform a risk assessment to determine the business impact.
• D. Evaluate the cause of the control failure.