Which of the following is the MOST effective way to mitigate the risk of data loss in the event of a stolen laptop?
Correct Answer: D
Question 212
Spoofing should be prevented because it may be used to:
Correct Answer: A
Gaining illegal entry to a secure system by faking the sender's address is one of the reasons why spoofing should be prevented. Spoofing is a technique in which an attacker impersonates someone or something else in order to deceive or manipulate the recipient or target. It can be applied to many communication channels, such as email, websites, phone calls, IP addresses, or DNS servers. A common goal of spoofing is to gain unauthorized access to a secure system by faking the sender's address, such as an email address or an IP address.

For example, an attacker may spoof the email address of a trusted person or organization and send a phishing email that contains a malicious link or attachment. If the recipient clicks the link or opens the attachment, they may be redirected to a fake website that asks for their credentials, or malware may be downloaded onto their device. Alternatively, an attacker may spoof the IP address of a trusted source and send packets that contain malicious code or commands to a secure system. If the system accepts the packets as legitimate, it may execute the code or commands and compromise its security. Therefore, gaining illegal entry to a secure system by faking the sender's address is one of the reasons why spoofing should be prevented.

References:
* https://www.kaspersky.com/resource-center/definitions/spoofing
* https://www.cisa.gov/resources-tools/resources/business-case-security
* https://www.avast.com/c-spoofing
Question 213
During the response to a serious security breach, who is the BEST organizational staff member to communicate with external entities?
Correct Answer: B
Question 214
An organization uses a security standard that has undergone a major revision by the certifying authority. The old version of the standard will no longer be used for organizations wishing to maintain their certifications. Which of the following should be the FIRST course of action?
Correct Answer: B
Reviewing the new standard for applicability to the business is the first course of action, because it establishes the changes, gaps, and impacts of the revision on the organization's security posture, compliance status, and business objectives. Evaluating the cost of maintaining the certification, modifying policies to ensure the new requirements are covered, and communicating the new standard to senior leadership are all important steps, but they depend on that review and should follow it.

Reference = CISM Review Manual 2022, page 361; CISM Exam Content Outline, Domain 1, Task 1.2
Question 215
The PRIMARY objective of timely declaration of a disaster is to:
Correct Answer: A
The primary objective of timely declaration of a disaster is to ensure the continuity of the organization's essential services, because the declaration is what activates the business continuity plan (BCP) and the disaster recovery plan (DRP), which define the processes and procedures for maintaining or resuming critical business functions and minimizing the impact of the disruption. A timely declaration also helps to communicate the situation to stakeholders, mobilize resources, and request external assistance if needed.

References = CISM Review Manual, 27th Edition, Chapter 4, Section 4.3.1, page 227; FEMA, How a Disaster Gets Declared; CISM Online Review Course, Module 4, Lesson 3, Topic 1