What procedure is designed to enable security personnel to detect, analyze, contain, eradicate, respond, and recover from malicious computer incidents such as a denial-of-service attack?

A. Disaster Recovery Plan
B. Emergency Analysis Plan
C. Crisis Communication Plan
D. Incident Response Plan

Answer: D

Explanation:

Reference: https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-61r2.pdf

What must be included in the CMDB?

A. Inventory of uninstalled software
B. Software End User Licensing Agreements
C. Dependencies of installed components
D. Known vulnerabilities of installed software

Answer: C

Explanation:

Reference: https://docs.servicenow.com/bundle/london-servicenow-platform/page/product/configuration-management/concept/cnfig-mgmt-and-cmdb.html

Your firewall blocked several machines on your network from connecting to a malicious IP address. After reviewing the logs, the CSIRT discovers all Microsoft Windows machines on the network have been affected based on a newly published CVE.

Based on the IRP, what should be done immediately?
A. Update the asset inventory
B. Contain the breach
C. Eradicate the breach
D. Revise the IRP

Answer: A

What is a consideration when performing data collection in Information Security Continuous Monitoring?

A. Data collection efficiency is increased through automation.
B. The more data collected, the better chances to catch an anomaly.
C. Collection is used only for compliance requirements.
D. Data is best captured as it traverses the network.

Answer: A

What is the main goal of a gap analysis in the Identify function?

A. Determine security controls to improve security measures
B. Determine actions required to get from the current profile state to the target profile state
C. Identify gaps between Cybersecurity Framework and Cyber Resilient Lifecycle pertaining to that function
D. Identify business process gaps to improve business efficiency

Answer: B