GAQM Exam ISO27-13-001 Topic 9 Question 76 Discussion

Actual exam question for GAQM's ISO27-13-001 exam

Question #: 76
Topic #: 9

[All ISO27-13-001 Questions]

In the event of an Information security incident, system users' roles and responsibilities are to be observed, except:

AReport suspected or known incidents upon discovery through the Servicedesk

BPreserve evidence if necessary

CCooperate with investigative personnel during investigation if needed

DMake the information security incident details known to all employees

Show Suggested Answer

Suggested Answer: B, C

by Dana at Jun 28, 2024, 11:09 AM

Limited Time Offer

25%

Off

Get Premium ISO27-13-001 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Micheal

3 months ago

Haha, making the incident known to all employees? That's like putting up a 'Hack Me' sign. Definitely not the right approach.

upvoted 0 times

Justa

1 months ago

D) Make the information security incident details known to all employees

upvoted 0 times

...

Nicolette

1 months ago

Yeah, making it known to everyone is a bad idea. Keep it contained.

upvoted 0 times

...

Long

1 months ago

C) Cooperate with investigative personnel during investigation if needed

upvoted 0 times

...

Dudley

1 months ago

C) Cooperate with investigative personnel during investigation if needed

upvoted 0 times

...

Ezekiel

2 months ago

B) Preserve evidence if necessary

upvoted 0 times

...

Vilma

2 months ago

A) Report suspected or known incidents upon discovery through the Servicedesk

upvoted 0 times

...

Izetta

2 months ago

B) Preserve evidence if necessary

upvoted 0 times

...

Laura

2 months ago

A) Report suspected or known incidents upon discovery through the Servicedesk

upvoted 0 times

...

Melvin

3 months ago

This is a classic incident response question. Option B is the most important - preserving evidence is crucial for the investigation.

upvoted 0 times

...

Chara

3 months ago

I agree, option D goes against the principles of incident response. We should only share details with authorized personnel.

upvoted 0 times

...

Nieves

3 months ago

But making the information security incident details known to all employees could cause panic and compromise the investigation.

upvoted 0 times

...

Paulina

3 months ago

I disagree, I believe the answer is A.

upvoted 0 times

...

Lynna

3 months ago

Option D is clearly the wrong answer. Sharing incident details with all employees would be a big security risk.

upvoted 0 times

Chauncey

2 months ago

D) Make the information security incident details known to all employees

upvoted 0 times

...

Pamella

2 months ago

C) Cooperate with investigative personnel during investigation if needed

upvoted 0 times

...

Ora

2 months ago

B) Preserve evidence if necessary

upvoted 0 times

...

Alva

2 months ago

C) Cooperate with investigative personnel during investigation if needed

upvoted 0 times

...

Lawana

3 months ago

B) Preserve evidence if necessary

upvoted 0 times

...

Julio

3 months ago

A) Report suspected or known incidents upon discovery through the Servicedesk

upvoted 0 times

...

Kristofer

3 months ago

A) Report suspected or known incidents upon discovery through the Servicedesk

upvoted 0 times

...

Nieves

3 months ago

I think the answer is D.

upvoted 0 times

...