ISC2 CISSP Exam - Topic 2 Question 58 Discussion

Actual exam question for ISC2's CISSP exam

Question #: 58
Topic #: 2

Information Security Continuous Monitoring (1SCM) is defined as maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management

decisions. Which of the following is the FIRST step in developing an ISCM strategy and implementing an ISCM program?

ADefine a strategy based on risk tolerance that maintains clear visibility into assets, awareness of vulnerabilities, up-to-date threat information, and mission/business impacts.

BConduct a vulnerability assessment to discover current threats against the environment and incorporate them into the program.

CRespond to findings with technical management, and operational mitigating activities or acceptance, transference/sharing, or avoidance/rejection.

DAnalyze the data collected and report findings, determining the appropriate response. It may be necessary to collect additional information to clarify or supplement existing monitoring data.

Show Suggested Answer

Suggested Answer: A

by Barrett at Aug 20, 2022, 11:27 PM

Limited Time Offer

25%

Off

Get Premium CISSP Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Sylvie

4 months ago

C and D are more about response, not initial strategy.

upvoted 0 times

...

Lauran

4 months ago

Wait, are we sure A is right? Seems too broad to start with.

upvoted 0 times

...

Tammara

4 months ago

Totally agree with A, visibility is key!

upvoted 0 times

...

Nenita

4 months ago

I think B makes more sense. You need to know your threats first!

upvoted 0 times

...

Theresia

4 months ago

A is definitely the first step! Gotta define that strategy.

upvoted 0 times

...

Cammy

5 months ago

Analyzing data and reporting findings seems like something we do after we've established a strategy, so I don't think that's the first step.

upvoted 0 times

...

Teresita

5 months ago

I feel like responding to findings is more of a later step in the process, but I could see how some might think it’s part of the initial strategy.

upvoted 0 times

...

Brent

5 months ago

I remember a practice question that emphasized the importance of understanding vulnerabilities first, which makes me lean towards conducting a vulnerability assessment as the first step.

upvoted 0 times

...

Norah

5 months ago

I think the first step should be defining a strategy based on risk tolerance, but I'm not entirely sure if that's the very first thing we should do.

upvoted 0 times

...

Okay, let's see. I know that route reflectors are used to reduce the number of BGP peering sessions within an AS, and that clusters can be configured to further optimize this. I'll need to double-check the specifics on how the clusters interact.

upvoted 0 times

...

Shannon

5 months ago

I'm pretty confident the underlined text is incorrect. The right way to create a new group is to drag a tile to the far-right side of the Start screen and drop it there.

upvoted 0 times

...

Andrew

5 months ago

Hmm, I'm not sure about this one. I know there's an option to create recurring tasks, but I'm not sure if that's the right approach here. I might need to think this through a bit more.

upvoted 0 times

...

Mabel

5 months ago

Hmm, I'm not entirely sure about this one. I'll need to think it through carefully and review my notes on the WFM system architecture.

upvoted 0 times

...

ISC2 CISSP Exam - Topic 2 Question 58 Discussion

Contribute your Thoughts:

Sylvie

Lauran

Tammara

Nenita

Theresia

Cammy

Teresita

Brent

Norah

Alona

Shannon

Andrew

Mabel