The security officer is preparing a read-only USB stick with a document of important personal
phone numbers, vendor contacts, an MD5 program, and other tools to provide to employees. At
which of the following points in an incident should the officer instruct employees to use this
information?
A.
Business Impact Analysis
B.
First Responder
C.
Damage and Loss Control
D.
Contingency Planning
Explanation:
looks like D to me
0
0
Another Badly written question with a level of ambiguity:
First, for a few definitions:
• MD5 Program –An MD5 Program is a hash checker. For example, Microsoft File Checksum Integrity Verifier tool is an unsupported command line utility that computes MD5 or SHA1 cryptographic hashes for files.
• “Contingency” – a provision for a possible event or circumstance.
So the Security Officer creates the USB with an MD5 Program and “other tools” and gives it to “employees”. An “MD5 Program” is typically used by “first responders”
The question is: Who are the employees?
• Are we to assume that all employees will potentially become “first responders”?
• Are we to assume that all “employees” know how to use an “MD5 Program” and the “other tools”?
Now for the only possible answer:
Correct Answer: B
Explanation:
Incident response procedures involves:
Preparation;
Incident identification;
Escalation and notification;
Mitigation steps;
Lessons learned;
Reporting;
Recover/reconstitution procedures;
First responder;
Incident isolation (Quarantine; Device removal);
Data breach;
Damage and loss control
In this scenario the security officer is carrying out an incident response measure that will address and be of benefit to those in the vanguard, i.e. the employees and they are the first responders.
Incorrect Answers:
A: A business impact analysis (BIA) is concerned with evaluating the processes in the likelihood of a loss. A business impact analysis is an integral part of Business continuity planning which is a management tool that ensures that critical business functions can be performed when normal business operations are disrupted. In this case the question refers to a process within the incident response plan being carried out by an incident response team member.
C: Damage and loss Control is a critical, but a security officer arming employees (those in the vanguard) with tools to mitigate risk when they encounter an incident seems more like a first responder phase in incident response procedures.
D: Contingency planning is not normally part of an incidence response policy.
0
0