CISM: Post-Incident Activities and Investigation
Avg score: 56% Most missed: “What is the most important element of a forensic investigation?”
25 Questions

1. What is the prime purpose of conducting a post-incident review?
2. What is the objective of reviewing the observations of staff involved in a disaster recovery test?
3. What is the most important aspect when evidence is to be used in legal proceedings?
4. When will data recovery from a specific file be the most challenging?
5. What should be the priority during a forensic analysis of electronic information?
6. A rootkit was installed in a server and the critical data of the organization was stolen. What should be the next step of the security manager to ensure the admissibility of evidence in legal proceedings?
7. The security manager has identified a vulnerability in a server. What should their next step be?
8. What is the most important aspect to consider while collecting and preserving admissible evidence?
9. Concerning a forensic investigation, data is to be copied from the original drive for further analysis. Which of the following must be ensured?
10. What is the most important advantage of implementing a systematic and methodological incident management program?
11. While handling the incident, what should be the most important aspect while interacting with the media?
12. What is the best source to analyze a compromised server for forensic investigation?
13. The best way to resolve the operational issues with a third-party service provider is to include what in the service-level agreement?
14. What should be your priority when evidence is to be used in legal proceedings?
15. What is the main reason to conduct a post-incident review?
16. Which of the following is considered a violation of the chain of custody?
17. The security manager has taken a bit-by-bit copy image of the suspected hard drive. What should their immediate next step be?
18. What is the most important element of a forensic investigation?
19. What should be the first step of the security manager in the aftermath of a distributed denial-of-service attack?
20. What should be the first step while taking a forensic image of a hard drive?
21. What is the most important aspect while collecting evidence for forensic analysis?
22. What is the main reason for not disconnecting the power while analyzing the suspected behavior of a computer?
23. The root cause of a security incident has indicated that one important process was not monitored. As a result, the monitoring process has been started. Monitoring will best help with which of the following?
24. What is the most important aspect when evidence is to be used in legal proceedings?
25. The security manager has discovered an attempted SQL injection attack on an application but could not determine whether it was successful. Who should be in the best position to assess the possible impact of the attack?