Online Access Free ISO-IEC-27035-Lead-Incident-Manager Exam Questions

According to scenario 4, what is the next action ORingo should take to prevent escalation when conducting exercises?

• A.Proceed with the exercise as planned, considering this as a part of the learning process
• B.Wait until the exercise is completed to clarify the situation with all parties involved
• C.Inform all participants and external entities involved that this was a simulated scenario and not a real threat immediately

Scenario 8: Moneda Vivo, headquartered in Kuala Lumpur. Malaysia, is a distinguished name in the banking sector. It is renowned for its innovative approach to digital banking and unwavering commitment to information security. Moneda Vivo stands out by offering various banking services designed to meet the needs of its clients. Central to its operations is an information security incident management process that adheres to the recommendations of ISO/IEC 27035-1 and 27035-2.
Recently. Moneda Vivo experienced a phishing attack aimed at its employees Despite the bank's swift identification and containment of the attack, the incident led to temporary service outages and data access issues, underscoring the need for improved resilience The response team compiled a detailed review of the attack, offering valuable insights into the techniques and entry points used and identifying areas for enhancing their preparedness.
Shortly after the attack, the bank strengthened its defense by implementing a continuous review process to ensure its incident management procedures and systems remain effective and appropriate While monitoring the incident management process, a trend became apparent. The mean time between similar incidents decreased after a few occurrences; however, Moneda Vivo strategically ignored the trend and continued with regular operations This decision was rooted in a deep confidence in its existing security measures and incident management protocols, which had proven effective in quick detection and resolution of issues Moneda Vivo's commitment to transparency and continual improvement is exemplified by its utilization of a comprehensive dashboard. This tool provides real time insights into the progress of its information security incident management, helping control operational activities and ensure that processes stay within the targets of productivity, quality, and efficiency. However, securing its digital banking platform proved challenging.
Following a recent upgrade, which included a user interface change to its digital banking platform and a software update, Moneda Vivo recognized the need to immediately review its incident management process for accuracy and completeness. The top management postponed the review due to financial and time constraints.
Scenario 8: Moneda Vivo, headquartered in Kuala Lumpur, Malaysia, is a distinguished name in the banking sector. It recently experienced a phishing attack, prompting the response team to conduct a detailed review.
The incident underscored the need for resilience and continuous improvement.
What is the primary goal of the information Moneda Vivo's incident report team gathered from the incident?

• A.To showcase the effectiveness of existing security protocols to stakeholders
• B.To document the incident for legal compliance purposes
• C.To learn from the incident and improve future security measures

Based on the categorization of information security incidents, incidents such as abuse of rights, denial of actions, and misoperations are categorized as:

• A.Compromise of functions incident
• B.Breach of rule incident
• C.Compromise of information incident

Scenario 3: L&K Associates is a graphic design firm headquartered in Johannesburg, South Africa. It specializes in providing innovative and creative design solutions to clients across various industries. With offices in multiple parts of the country, they effectively serve clients, delivering design solutions that meet their unique needs and preferences.
In its commitment to maintaining information security, L&K Associates is implementing an information security incident management process guided by ISO/IEC 27035-1 and ISO/IEC 27035-2. Leona, the designated leader overseeing the implementation of the incident management process, customized the scope of incident management to align with the organization's unique requirements. This involved specifying the IT systems, services, and personnel involved in the incident management process while excluding potential incident sources beyond those directly related to IT systems and services.
In scenario 3, which technique did L&K Associates use for its risk analysis process?

• A.Quantitative risk analysis
• B.Semi-quantitative risk analysis
• C.Qualitative risk analysis

Which action is NOT involved in the process of improving controls in incident management?

• A.Documenting risk assessment results
• B.Implementing new or updated controls
• C.Updating the incident management policy